CVE-2023-3713

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jul 18, 2023

Updated: Nov 7, 2023

Summary

CVE-2023-3713 is a vulnerability affecting the ProfileGrid plugin for WordPress. This issue stems from a missing capability check on the 'profile_magic_check_smtp_connection' function, which exists in versions up to 5.5.1. As a result, authenticated attackers with subscriber-level permissions or above can arbitrarily update site options, leading to privilege escalation. This vulnerability poses a significant risk, as it enables unauthorized modifications that could potentially compromise the entire WordPress site.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sBiC7H
https://www.cve.org/CVERecord?id=CVE-2023-3713
https://nvd.nist.gov/vuln/detail/CVE-2023-3713

Back to Vulnerability Database

CVE-2023-3713

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations