CVE-2023-5640
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Nov 20, 2023
Updated: Nov 27, 2023
CWE ID 89
Summary
CVE-2023-5640 is a vulnerability affecting the Article Analytics plugin for WordPress. The issue arises from insufficient sanitization and escaping of user input in an SQL statement used within an unauthenticated AJAX action, making it possible for attackers to execute SQL injection attacks. This shortcoming can result in unauthorized access, data theft, or website defacement. Users are advised to update the plugin or remove it from their sites to mitigate the risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share