CVE-2023-5311

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Oct 25, 2023
Updated: Nov 7, 2023
CWE ID 862

Summary

CVE-2023-5311 is a vulnerability affecting the WP EXtra plugin for WordPress. Authenticated attackers with subscriber-level permissions and above can exploit this issue by bypassing capability checks on the register() function in versions up to 6.2. This allows them to modify the contents of .htaccess files, located in the root directory and /wp-content and /wp-includes folders, potentially leading to remote code execution. This vulnerability poses a significant risk and requires immediate attention and patching from WordPress site owners using the WP EXtra plugin.
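Because the impact described above is unauthorized modification of three specific `.htaccess` files, site owners can watch those files for change. The following is an added example, not part of the original advisory or the plugin's code: the function names, the JSON baseline file and the command-line usage are assumptions made for illustration.

```python
import hashlib
import json
import sys
from pathlib import Path

# The three locations named in the CVE summary, relative to the WordPress root.
WATCHED = (".htaccess", "wp-content/.htaccess", "wp-includes/.htaccess")


def snapshot(wp_root):
    """Map each watched path to its SHA-256 digest, or None if the file is absent."""
    state = {}
    for rel in WATCHED:
        path = Path(wp_root) / rel
        state[rel] = hashlib.sha256(path.read_bytes()).hexdigest() if path.is_file() else None
    return state


def compare(baseline, current):
    """Return (path, status) pairs, in WATCHED order, for every file that changed."""
    findings = []
    for rel in WATCHED:
        old, new = baseline.get(rel), current.get(rel)
        if old == new:
            continue
        if old is None:
            status = "created"    # file did not exist when the baseline was taken
        elif new is None:
            status = "removed"
        else:
            status = "modified"
        findings.append((rel, status))
    return findings


def main(argv):
    # Hypothetical usage: check_htaccess.py <wp_root> <baseline.json> [--init]
    wp_root, baseline_file = argv[1], Path(argv[2])
    current = snapshot(wp_root)
    if "--init" in argv[3:]:
        baseline_file.write_text(json.dumps(current, indent=2))
        return 0
    findings = compare(json.loads(baseline_file.read_text()), current)
    for rel, status in findings:
        print(f"ALERT {status}: {rel}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Take the baseline with `--init` on a known-good installation and keep the baseline file somewhere the web server user cannot write; a non-zero exit status on later runs means at least one of the three files was created, removed or modified.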
