CVSS 3.1 Score 6.1 of 10 (medium)


Published Dec 26, 2023
Updated: Jan 4, 2024


The vulnerability with CVE ID CVE-2023-6268 affects the JSON Content Importer WordPress plugin before version 1.5.4. It allows for a Reflected Cross-Site Scripting attack, which can be used against high privilege users like admin. The vulnerability arises due to the plugin's failure to sanitize and escape the tab parameter before displaying it on the page. This vulnerability impacts a wide range of products, including those with the IDs rFFdwf, rFFdwe, rFFdwd, and many others listed in the source. To remediate this issue, users should update their JSON Content Importer plugin to version 1.5.4 or later. This vulnerability poses a medium-level risk to organizations, with a base score of 6.1 according to's rating, indicating potential unauthorized access and manipulation of data on affected websites.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-6268 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options