CVE-2023-5604

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 27, 2023

Updated: Jul 12, 2024

CWE ID 94

CWE ID 434

Summary

CVE-2023-5604 is a vulnerability affecting the Asgaros Forum WordPress plugin before version 2.7.1. This issue grants forum administrators, who do not necessarily hold WordPress (super-)administrator privileges, the ability to set insecure configurations. Malicious users can exploit this flaw to upload dangerous files, such as .php and .phtml, potentially resulting in remote code execution. This vulnerability poses a significant risk to WordPress installations running the Asgaros Forum plugin and necessitates immediate updating to a secure version to mitigate the threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tCIRpP
https://www.cve.org/CVERecord?id=CVE-2023-5604
https://nvd.nist.gov/vuln/detail/CVE-2023-5604

Back to Vulnerability Database

CVE-2023-5604

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations