CVE-2023-1273

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jul 4, 2023

Updated: Nov 7, 2023

Summary

CVE-2023-1273 is a vulnerability affecting the ND Shortcodes plugin for WordPress. Before version 7.0, the plugin fails to validate certain shortcode attributes, allowing authenticated users, including subscribers, to execute Local File Inclusion (LFI) attacks. By manipulating these attributes, attackers can include malicious files on the targeted site, potentially leading to data theft or unauthorized system access. This issue highlights the importance of input validation in WordPress plugins to prevent security breaches.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/rt-uWS
https://www.cve.org/CVERecord?id=CVE-2023-1273
https://nvd.nist.gov/vuln/detail/CVE-2023-1273

Back to Vulnerability Database

CVE-2023-1273

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations