CVE-2023-5943

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Jan 29, 2024

Updated: Feb 3, 2024

CWE ID 79

Summary

CVE-2023-5943 is a vulnerability affecting the Wp-Adv-Quiz WordPress plugin before version 1.0.3. This issue allows high privilege users, including admins, to execute Cross-Site Scripting (XSS) attacks. The plugin fails to sanitize and escape some of its settings, enabling attackers to inject malicious code into web pages, potentially leading to sensitive data theft or unauthorized access. Even when the unfiltered_html setting is disabled, the vulnerability remains exploitable.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tP_e8x
https://www.cve.org/CVERecord?id=CVE-2023-5943
https://nvd.nist.gov/vuln/detail/CVE-2023-5943

Back to Vulnerability Database

CVE-2023-5943

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations