Cyber Resilience

CVE-2023-6077

MediumPublic PoC

Published: 18 December 2023

Published
18 December 2023
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0026 49.8th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-6077 is a medium-severity an unspecified weakness vulnerability in Wpfrank Slider Factory Pro. Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Information Repositories (T1213); ranked at the 49.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

The Slider WordPress plugin before 3.5.12 does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated users, such as subscriber to access the…

more

content arbitrary post such as private, draft and password protected

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1213 Data from Information Repositories Collection
Adversaries may leverage information repositories to mine valuable information.
Why these techniques?

The vulnerability enables authenticated low-privilege users (e.g., subscribers) to bypass access controls and collect arbitrary post content (private, draft, password-protected) from the WordPress CMS via an unauthenticated AJAX endpoint, mapping to data collection from an information repository.

Affected Assets

wpfrank
slider factory pro
≤ 3.5.12

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References