CVE-2023-5201

Опубликовано: 30 сент. 2023

Источник: nvd

CVSS3: 9.9

CVSS3: 8.8

EPSS Низкий

Описание

The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server. This requires the [php] shortcode setting to be enabled on the vulnerable site.

Ссылки

https://plugins.trac.wordpress.org/browser/thesis-openhook/tags/4.3.0/inc/shortcodes.php#L28
Third Party Advisory
https://plugins.trac.wordpress.org/browser/thesis-openhook/tags/4.3.1/inc/shortcodes.php?rev=2972840#L24
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/37b9ed0e-5af2-47c1-b2da-8d103e4c31bf?source=cve
Third Party Advisory
https://plugins.trac.wordpress.org/browser/thesis-openhook/tags/4.3.0/inc/shortcodes.php#L28
Third Party Advisory
https://plugins.trac.wordpress.org/browser/thesis-openhook/tags/4.3.1/inc/shortcodes.php?rev=2972840#L24
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/37b9ed0e-5af2-47c1-b2da-8d103e4c31bf?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rickbeckman:openhook:*:*:*:*:wordpress:*:*:*

Версия до 4.3.0 (включая)

EPSS

Процентиль: 91%

0.07003

Низкий

9.9 Critical

CVSS3

8.8 High

CVSS3

Дефекты

Связанные уязвимости

GHSA-52wg-h24c-3wgr

CVSS3: 9.9

github

больше 2 лет назад

EPSS

Процентиль: 91%

0.07003

Низкий

9.9 Critical

CVSS3

8.8 High

CVSS3