CVE-2023-5250

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Oct 30, 2023
Updated: Nov 8, 2023
CWE ID 98

Summary

The vulnerability with CVE ID CVE-2023-5250 affects the Grid Plus plugin for WordPress in versions up to and including 1.3.2. It allows attackers with subscriber-level or higher access to include and execute arbitrary files on the server using a shortcode attribute, potentially leading to the execution of malicious PHP code. This vulnerability can be exploited to bypass access controls, gain unauthorized access to sensitive data, or achieve code execution if PHP files with arbitrary content can be uploaded and included. The risk score for this vulnerability is 65, indicating a medium severity level. It has a low exploitability score of 3.1, requiring low privileges and no user interaction. The attack vector is through the network, impacting confidentiality and integrity at a low level, with no availability impact identified. Remediation for this vulnerability would involve updating the Grid Plus plugin to a version that is not affected by this issue.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2023-5250 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions