CVE-2023-5974

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 27, 2023

Updated: Dec 1, 2023

CWE ID 918

Summary

CVE-2023-5974 is a newly identified vulnerability affecting the WPB Show Core WordPress plugin before version 2.2. This issue allows an attacker to perform Server-Side Request Forgery (SSRF) attacks by manipulating the `path` parameter. SSRF vulnerabilities can be exploited to make unauthorized requests to internal servers or services, potentially leading to information disclosure, unauthorized system access, or other malicious activities. WordPress site administrators are advised to update their plugins to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tTOj7n
https://www.cve.org/CVERecord?id=CVE-2023-5974
https://nvd.nist.gov/vuln/detail/CVE-2023-5974

Back to Vulnerability Database

CVE-2023-5974

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations