CVE-2023-5000

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Aug 6, 2024

CWE ID 120

Summary

CVE-2023-5000: A vulnerability has been identified in the Horizontal scrolling announcements plugin for WordPress. This issue affects versions up to and including 2.4, and allows authenticated attackers with contributor-level permissions and above to execute SQL Injection attacks. The vulnerability stems from insufficient escaping on user-supplied parameters and a lack of sufficient preparation on existing SQL queries. Attackers can exploit this flaw to extract sensitive information from the database by appending additional SQL queries into existing ones.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

FFmpeg

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/trQxuI
https://www.cve.org/CVERecord?id=CVE-2023-5000
https://nvd.nist.gov/vuln/detail/CVE-2023-5000

Back to Vulnerability Database

CVE-2023-5000

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations