CVSS 3.1 Score 4.3 of 10 (medium)


Published Jan 15, 2024
Updated: Jan 19, 2024
CWE ID 862


CVE-2023-6066 is a vulnerability found in the WP Custom Widget area WordPress plugin version 1.2.5 and earlier. This vulnerability allows attackers with "subscriber+" privilege to create, delete, or modify menus on the site. The potential danger of this vulnerability is that it could lead to unauthorized access and manipulation of menus, which could disrupt the functionality and integrity of the affected website. To remediate this vulnerability, users should update the plugin to the latest version available, which would include proper capability and nonce checks on its AJAX action callback functions.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-6066 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options