CVE-2023-5137

Summary

CVE-2023-5137 is a vulnerability affecting the Simply Excerpts WordPress plugin before version 1.5. This issue permits high-privilege users, including administrators, to inject arbitrary web scripts into plugin settings, bypassing the unfiltered_html capability restriction, even in multisite environments. The plugin fails to sanitize and escape certain fields, leading to this security vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.