CVSS 3.1 Score 9.8 of 10 (high)


Published Nov 6, 2023
Updated: Nov 14, 2023
CWE ID 434


CVE-2023-5601 is a critical vulnerability in the WooCommerce Ninja Forms Product Add-ons WordPress plugin before version 1.7.1. The vulnerability allows unauthenticated users to upload arbitrary files to the server, potentially leading to remote code execution (RCE). This vulnerability has a base severity score of 9.8 out of 10 and high impacts on integrity and confidentiality. It does not require any privileges or user interaction, making it accessible over the network. The affected product is the WooCommerce Ninja Forms Product Add-ons plugin, and organizations can remediate this vulnerability by updating to version 1.7.1 or later.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-5601 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options