CVE-2023-5583

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Oct 30, 2023
Updated: Nov 13, 2023
CWE ID 502

Summary

CVE-2023-5583 is a vulnerability found in the WP Simple Galleries plugin for WordPress versions up to and including 1.34. The vulnerability allows authenticated attackers with contributor-level permissions and above to inject a PHP object through deserialization of untrusted input from the 'wpsimplegallery_gallery' post meta via the 'wpsgallery' shortcode. This vulnerability does not include a POP (Privilege of Persistence) chain within the plugin itself, but if a POP chain is present through an additional plugin or theme installed on the system, it can enable the attacker to delete files, retrieve sensitive data, or execute arbitrary code. The exploit has a base severity rating of HIGH and poses risks to confidentiality, integrity, and availability of the affected systems. It has an exploitability score of 2.8 and a base score of 8.8 according to CVSS:3.1 metrics. The source of this information is security@wordfence.com.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-5583 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options