CVE-2023-5565
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Published Oct 30, 2023
Updated: Nov 7, 2023
Summary
CVE-2023-5565 is a Stored Cross-Site Scripting vulnerability affecting the Shortcode Menu plugin for WordPress. This issue, present in versions up to 3.2, stems from insufficient input sanitization and output escaping on user-supplied attributes in the 'shortmenu' shortcode. Consequently, authenticated attackers with contributor-level permissions or higher can inject arbitrary web scripts. Upon accessing an injected page, these scripts will execute, posing a significant security risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share