CVE-2023-5757

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Dec 11, 2023

Updated: Dec 13, 2023

CWE ID 79

Summary

CVE-2023-5757 is a vulnerability affecting the WP Crowdfunding plugin for WordPress. Before version 2.1.8, the plugin fails to sanitize and escape certain settings, making it susceptible to Stored Cross-Site Scripting (XSS) attacks. High privilege users, including admins, can exploit this issue even when the unfiltered_html capability is disabled, particularly in multisite setups. This vulnerability poses a significant risk to websites using the WP Crowdfunding plugin and requires immediate attention and patching to prevent potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Themeum Wp Crowdfunding

Affected Vendors

THEMEUM

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tIwTX9
https://www.cve.org/CVERecord?id=CVE-2023-5757
https://nvd.nist.gov/vuln/detail/CVE-2023-5757

Back to Vulnerability Database