CVE-2023-5942

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Nov 27, 2023

Updated: Jul 12, 2024

CWE ID 79

Summary

CVE-2023-5942 is a vulnerability affecting the Medialist WordPress plugin before version 1.4.1. This issue permits users with the contributor role and above to execute Stored Cross-Site Scripting attacks. The plugin fails to validate and properly escape certain shortcode attributes, allowing malicious code to be injected into webpages where the shortcode is embedded. Successful exploitation can result in unauthorized website access, data theft, or other malicious activities. Users are advised to update to the latest version of the plugin to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tP84Q1
https://www.cve.org/CVERecord?id=CVE-2023-5942
https://nvd.nist.gov/vuln/detail/CVE-2023-5942

Back to Vulnerability Database

CVE-2023-5942

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations