CVE-2023-6373

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jan 16, 2024

Updated: Jan 23, 2024

CWE ID 89

Summary

CVE-2023-6373 is a critical vulnerability affecting the ArtPlacer Widget WordPress plugin before version 2.20.7. The issue arises from insufficient input validation, where the "id" parameter is not sanitized or escaped before being submitted to the query. This flaw opens the door for SQL injection attacks, which can be exploited by editors and higher-level users. Furthermore, due to the absence of a Cross-Site Request Forgery (CSRF) check, this vulnerability can potentially be exploited via a CSRF against a logged-in editor or user with higher privileges.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tmhG2V
https://www.cve.org/CVERecord?id=CVE-2023-6373
https://nvd.nist.gov/vuln/detail/CVE-2023-6373

Back to Vulnerability Database

CVE-2023-6373

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations