CVE-2023-5957

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Jan 8, 2024
Updated: Jan 11, 2024
CWE ID 434

Summary

CVE-2023-5957 is a high-severity vulnerability affecting the Ni Purchase Order(PO) For WooCommerce WordPress plugin through version 1.2.1. This vulnerability allows a high privileged user to upload arbitrary files, including web shells, to the web server without proper validation of logo and signature image files uploaded in the settings. The exploitability score for this vulnerability is 1.2 out of 10, indicating a relatively low level of difficulty for an attacker to exploit it. The base severity score is 7.2 out of 10, with high privileges required and no user interaction needed. The potential impact of this vulnerability is also high, with integrity and confidentiality being compromised. Organizations using this plugin should apply the necessary updates or patches to mitigate the risk posed by this vulnerability.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-5957 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options