High severity8.8NVD Advisory· Published Oct 25, 2023· Updated Apr 8, 2026

CVE-2023-5311

Description

The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the contents of the .htaccess files located in a site's root directory or /wp-content and /wp-includes folders and achieve remote code execution. CVE-2023-46623 appears to be a duplicate of this issue.

Affected products

Wpvnteam/Wp Extra
cpe:2.3:a:wpvnteam:wp_extra:*:*:*:*:*:wordpress:*:*
Range: <6.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/changeset/2977703/wp-extranvdPatch
www.wordfence.com/threat-intel/vulnerabilities/id/87e3dd5e-0d77-4d78-8171-0beaf9482699nvdPatchThird Party Advisory
giongfnef.gitbook.io/giongfnef/cve/cve-2023-5311nvdExploitThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.005
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000