CVE-2023-5707

Summary

CVE-2023-5707 is a vulnerability affecting the SEO Slider plugin for WordPress in all versions up to and including 1.1.0. The vulnerability allows authenticated attackers with contributor-level or higher permissions to inject arbitrary web scripts in pages using the plugin's 'slider' shortcode and post meta, due to insufficient input sanitization and output escaping on user supplied attributes. This can lead to stored cross-site scripting attacks, where the injected scripts execute whenever a user accesses an affected page. The vulnerability has a base severity of MEDIUM, with a base score of 6.4 according to CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N vector string. There is a low level of privilege required for exploitation, and no user interaction is needed. The affected products include various versions of WordPress plugins (identified by their product codes starting with 't0W1s') that have SEO Slider installed. To remediate this vulnerability, users are advised to update the SEO Slider plugin to a patched version or apply any available security patches provided by the plugin developer.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.