CVE-2023-5311 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-5311 PUBLISHED CVSS 8.800000190734863 HIGH

The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the contents of the .htaccess files located in a site's root directory or /wp-content and /wp-includes folders and achieve remote code execution.

EPSS 6.59% · 91.1th percentile

Risk Scores

CVSS v3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

6.59%

91.1th percentile

Affected Products

Vendor	Product	Versions
wpvnteam	wp_extra	0
wpvncom	WP EXtra	*

Timeline

Oct 25, 2023 EPSS Score
Oct 25, 2023 CVE Published
Nov 24, 2023 EPSS Score
Jan 24, 2024 EPSS Score
Feb 24, 2024 EPSS Score
Mar 25, 2024 EPSS Score
Apr 24, 2024 EPSS Score
Jun 24, 2024 EPSS Score
Jul 24, 2024 EPSS Score
Aug 24, 2024 EPSS Score
Sep 23, 2024 EPSS Score
Oct 5, 2024 Coalition ESS Score

References

Open in Interactive Console →