Content Spoofing and Phishing Vulnerability in Spectra
CVE-2023-23738

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: Spectra
Vendor: CVE Published:; 3 June 2024

What is CVE-2023-23738?

A vulnerability exists in the Spectra plugin by Brainstorm Force, where improper neutralization of special elements in output has been identified. This permits attackers to exploit the injection flaw, which can lead to content spoofing and facilitate phishing attempts. The issue affects all versions up to and including 2.3.0, thereby posing significant risks to WordPress sites using this plugin. It is vital for users to update their installations and apply necessary security measures to mitigate the potential for exploitation.

Affected Version(s)

Spectra <= 2.3.0

References

https://patchstack.com/database/vulnerability/ultimate-ad...

vdb-entry

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 3, 2024
Vulnerability Reserved
Jan 17, 2023

Credit

Dave Jong (Patchstack)