CVE-2023-5250

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published: Oct 30, 2023
Updated: Nov 8, 2023
CWE ID 98

Summary

CVE-2023-5250 affects the Grid Plus plugin for WordPress in versions up to and including 1.3.2. An attacker with subscriber-level or higher access can use a shortcode attribute to include and execute arbitrary files on the server, potentially leading to the execution of malicious PHP code. The vulnerability can be exploited to bypass access controls, gain unauthorized access to sensitive data, or achieve code execution if PHP files with arbitrary content can be uploaded and included.

The risk score for this vulnerability is 65, indicating a medium severity level. The exploitability score is low at 3.1; exploitation requires low privileges and no user interaction. The attack vector is the network, with a low impact on confidentiality and integrity and no availability impact identified.

Remediation involves updating the Grid Plus plugin to a version that is not affected by this issue.
