CVE-2023-5614

Summary

CVE-2023-5614 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Theme Switcha plugin for WordPress. This issue, present in all versions up to 3.3, stems from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's 'theme_switcha_list' shortcode. This weakness enables authenticated attackers with contributor-level and above permissions to inject malicious scripts, which will execute whenever a user accesses an injected page. Successful exploitation of this vulnerability can lead to unintended website functionality or data exposure, posing a significant security risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.