CVE-2023-5707

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Nov 3, 2023
Updated: Nov 13, 2023
CWE ID 79

Summary

CVE-2023-5707 is a vulnerability affecting the SEO Slider plugin for WordPress in all versions up to and including 1.1.0. The vulnerability allows authenticated attackers with contributor-level or higher permissions to inject arbitrary web scripts in pages using the plugin's 'slider' shortcode and post meta, due to insufficient input sanitization and output escaping on user supplied attributes. This can lead to stored cross-site scripting attacks, where the injected scripts execute whenever a user accesses an affected page. The vulnerability has a base severity of MEDIUM, with a base score of 6.4 according to CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N vector string. There is a low level of privilege required for exploitation, and no user interaction is needed. The affected products include various versions of WordPress plugins (identified by their product codes starting with 't0W1s') that have SEO Slider installed. To remediate this vulnerability, users are advised to update the SEO Slider plugin to a patched version or apply any available security patches provided by the plugin developer.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-5707 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options