CVSS 3.1 Score 4.3 of 10 (medium)


Published Nov 7, 2023
Updated: Nov 14, 2023
CWE ID 352


The CVE-2023-5975 vulnerability affects the ImageMapper plugin for WordPress versions up to and including 1.2.6. It is categorized as a Cross-Site Request Forgery (CSRF) vulnerability, specifically a CWE-352. This vulnerability occurs due to missing or incorrect nonce validation on multiple functions, allowing unauthenticated attackers to update the plugin settings through a forged request. The exploitability score is 2.8 out of 10, with a base severity of medium (4.3 out of 10). The potential danger posed to an organization includes low integrity impact and no confidentiality impact, but it requires user interaction and network access. Remediation should involve updating the affected ImageMapper plugin to a version that fixes the CSRF vulnerability.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-5975 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options