CVE-2023-5311
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2023-5311 is a vulnerability affecting the WP EXtra plugin for WordPress. Authenticated attackers with subscriber-level permissions and above can exploit this issue by bypassing capability checks on the register() function in versions up to 6.2. This allows them to modify the contents of .htaccess files, located in the root directory and /wp-content and /wp-includes folders, potentially leading to remote code execution. This vulnerability poses a significant risk and requires immediate attention and patching from WordPress site owners using the WP EXtra plugin.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.