CVSS 3.1 Score 5.4 of 10 (medium)


Published Sep 27, 2023
Updated: Nov 7, 2023


CVE-2023-5135 is a vulnerability affecting the Simple Cloudflare Turnstile plugin for WordPress versions up to 1.23.1. The vulnerability is categorized as CWE-79, Improper Neutralization of Input During Web Page Generation (Cross-site Scripting).

It allows authenticated attackers with contributor-level and above permissions to execute arbitrary web scripts in pages by injecting them through the 'gravity-simple-turnstile' shortcode. The vulnerability arises due to insufficient input sanitization and output escaping on user-supplied attributes. It poses a medium risk with a base severity score of 5.4, and it requires user interaction for exploitation over a network.

To remediate this vulnerability, users should update their Simple Cloudflare Turnstile plugin to a version beyond 1.23.1; later versions address the issue by implementing proper input sanitization and output escaping.
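Alongside updating, existing content can be audited for uses of the shortcode whose attribute values contain markup. The following is an added example, not code from the plugin or from the original page: it assumes post bodies have been exported from the WordPress `wp_posts.post_content` column, uses a simplified shortcode matcher, and the attribute name `example_attr` and all sample rows are constructed.

```python
import html
import re

SHORTCODE = "gravity-simple-turnstile"  # shortcode named in the advisory

# Simplified matchers, not WordPress's own shortcode grammar.
TAG_RE = re.compile(r"\[" + re.escape(SHORTCODE) + r"(?![\w-])([^\]]*)\]", re.I)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'\]]+))""")
# Markup characters, inline event handlers and script URLs do not belong in a
# plain shortcode attribute value.
SUSPICIOUS_RE = re.compile(r"""[<>"'`]|\bon\w+\s*=|javascript\s*:""", re.I)


def audit_post(post_id, content):
    """Return (post_id, attribute, decoded_value) for each suspicious attribute."""
    findings = []
    for tag in TAG_RE.finditer(content):
        for attr in ATTR_RE.finditer(tag.group(1)):
            raw = next(g for g in attr.groups()[1:] if g is not None)
            value = html.unescape(raw)  # entities may hide quotes or brackets
            if SUSPICIOUS_RE.search(value):
                findings.append((post_id, attr.group(1), value))
    return findings


# Constructed sample rows (post ID, post_content); "example_attr" is hypothetical.
SAMPLE_POSTS = [
    (101, "Contact us: [gravity-simple-turnstile]"),
    (102, '[gravity-simple-turnstile example_attr="plain-value"]'),
    (103, "[gravity-simple-turnstile example_attr='\"><b>constructed-marker</b>']"),
    (104, '[gravity-simple-turnstile example_attr="a&quot; b"]'),
]


def audit_all(posts):
    """Audit every (post_id, content) row and return the combined findings."""
    return [f for post_id, content in posts for f in audit_post(post_id, content)]


if __name__ == "__main__":
    for post_id, name, value in audit_all(SAMPLE_POSTS):
        print(f"post {post_id}: attribute {name!r} has suspicious value {value!r}")
```

Any flagged post should be reviewed by hand and its author's role checked, since the advisory places the risk at contributor level and above.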
