CVE-2023-5433

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Oct 31, 2023

Updated: Nov 7, 2023

Summary

CVE-2023-5433 is a vulnerability affecting the Message ticker plugin for WordPress. This issue allows authenticated attackers with subscriber-level and above permissions to perform SQL Injection attacks. The flaw stems from insufficient escaping of user-supplied parameters and a lack of preparation on existing SQL queries in plugin versions up to 9.2. As a result, attackers can append additional SQL queries to already existing ones, potentially extracting sensitive information from the database.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/s5tOxT
https://www.cve.org/CVERecord?id=CVE-2023-5433
https://nvd.nist.gov/vuln/detail/CVE-2023-5433

Back to Vulnerability Database

CVE-2023-5433

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations