CVE-2023-6077
Published: 18 December 2023
Summary
CVE-2023-6077 is a medium-severity an unspecified weakness vulnerability in Wpfrank Slider Factory Pro. Its CVSS base score is 6.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Information Repositories (T1213); ranked at the 49.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-58333
Vulnerability details
The Slider WordPress plugin before 3.5.12 does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated users, such as subscriber to access the…
more
content arbitrary post such as private, draft and password protected
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability enables authenticated low-privilege users (e.g., subscribers) to bypass access controls and collect arbitrary post content (private, draft, password-protected) from the WordPress CMS via an unauthenticated AJAX endpoint, mapping to data collection from an information repository.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.