CVE-2023-5448

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jan 11, 2024
Updated: Jan 16, 2024

Summary

CVE-2023-5448 is a vulnerability found in the WP Register Profile With Shortcode plugin for WordPress versions up to and including 3.5.9. This vulnerability allows unauthenticated attackers to reset a user's password through Cross-Site Request Forgery (CSRF) by exploiting missing or incorrect nonce validation on the update_password_validate function. The attack can be carried out by tricking the user into performing an action, such as clicking on a malicious link. The impact of this vulnerability is considered high, with a base severity score of 8.8 out of 10, as it can lead to unauthorized access and potential compromise of confidential information within an organization. To remediate the issue, users should update the plugin to a version that includes proper nonce validation.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-5448 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options