CVE-2023-5250
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Summary
CVE-2023-5250 affects the Grid Plus plugin for WordPress in versions up to and including 1.3.2. It allows attackers with subscriber-level or higher access to include and execute arbitrary files on the server through a shortcode attribute, potentially leading to the execution of malicious PHP code. The vulnerability can be exploited to bypass access controls, gain unauthorized access to sensitive data, or achieve code execution if PHP files with arbitrary content can be uploaded and included.
The risk score for this vulnerability is 65, indicating a medium severity level. It has a low exploitability score of 3.1 and requires low privileges and no user interaction. The attack vector is the network, and the impact on confidentiality and integrity is low, with no availability impact identified.
Remediation for this vulnerability would involve updating the Grid Plus plugin to a version that is not affected by this issue.