Vulnerability Details : CVE-2023-5098
The Campaign Monitor Forms by Optin Cat WordPress plugin before 2.5.6 does not prevent users with low privileges (like subscribers) from overwriting any options on a site with the string "true", which could lead to a variety of outcomes, including DoS.
Vulnerability category: Denial of service
Products affected by CVE-2023-5098
- cpe:2.3:a:fatcatapps:campaign_monitor_optin_cat:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-5098
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 26 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-5098
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.1
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
2.8
|
5.2
|
NIST |
References for CVE-2023-5098
-
https://wpscan.com/vulnerability/3167a83c-291e-4372-a42e-d842205ba722
Just a moment...Exploit;Third Party Advisory
Jump to