What is the severity of CVE-2023-5561?

The severity of CVE-2023-5561 is medium with a CVSS score of 5.3.

What is the affected software for CVE-2023-5561?

The Popup Builder WordPress plugin versions 4.1.15 and earlier are affected.

How can a high privilege user exploit CVE-2023-5561?

A high privilege user such as an admin can exploit CVE-2023-5561 to perform Stored Cross-Site Scripting attacks.

Can CVE-2023-5561 be exploited even if unfiltered_html capability is disallowed?

Yes, CVE-2023-5561 can be exploited even when the unfiltered_html capability is disallowed.

Is there a fix for CVE-2023-5561?

Yes, make sure to update the Popup Builder WordPress plugin to version 4.1.16 or later to fix CVE-2023-5561.

Vulnerability/
CVE-2023-5561

medium

5.3

CWE

200

16/10/2023

20/11/2023

CVE-2023-5561: WordPress < 6.3.2 - Unauthenticated Post Author Email Disclosure

First published: Mon Oct 16 2023(Updated: )

The Popup Builder WordPress plugin through 4.1.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Credit: contact@wpscan.com contact@wpscan.com

Affected Software	Affected Version	How to fix
WordPress WordPress	>=4.7<4.7.27
WordPress WordPress	>=4.8<4.8.23
WordPress WordPress	>=4.9<4.9.24
WordPress WordPress	>=5.0<5.0.20
WordPress WordPress	>=5.1<5.1.17
WordPress WordPress	>=5.2<5.2.19
WordPress WordPress	>=5.3<5.3.16
WordPress WordPress	>=5.4<5.4.14
WordPress WordPress	>=5.5<5.5.13
WordPress WordPress	>=5.6<5.6.12
WordPress WordPress	>=5.7<5.7.10
WordPress WordPress	>=5.8<5.8.8
WordPress WordPress	>=5.9<5.9.8
WordPress WordPress	>=6.0<6.0.6
WordPress WordPress	>=6.1<6.1.4
WordPress WordPress	>=6.2<6.2.3
WordPress WordPress	>=6.3<6.3.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-5561?
The severity of CVE-2023-5561 is medium with a CVSS score of 5.3.
What is the affected software for CVE-2023-5561?
The Popup Builder WordPress plugin versions 4.1.15 and earlier are affected.
How can a high privilege user exploit CVE-2023-5561?
A high privilege user such as an admin can exploit CVE-2023-5561 to perform Stored Cross-Site Scripting attacks.
Can CVE-2023-5561 be exploited even if unfiltered_html capability is disallowed?
Yes, CVE-2023-5561 can be exploited even when the unfiltered_html capability is disallowed.
Is there a fix for CVE-2023-5561?
Yes, make sure to update the Popup Builder WordPress plugin to version 4.1.16 or later to fix CVE-2023-5561.

collector/mitre-cve
agent/weakness
agent/severity
agent/title
agent/references
agent/author
agent/type
agent/event
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/nvd-api
agent/software-canonical-lookup-request
collector/nvd-index
vendor/wordpress
canonical/wordpress wordpress
version/wordpress wordpress/4.7
version/wordpress wordpress/4.8
version/wordpress wordpress/4.9
version/wordpress wordpress/5.0
version/wordpress wordpress/5.1
version/wordpress wordpress/5.2
version/wordpress wordpress/5.3
version/wordpress wordpress/5.4
version/wordpress wordpress/5.5
version/wordpress wordpress/5.6
version/wordpress wordpress/5.7
version/wordpress wordpress/5.8
version/wordpress wordpress/5.9
version/wordpress wordpress/6.0
version/wordpress wordpress/6.1
version/wordpress wordpress/6.2
version/wordpress wordpress/6.3