CVE-2023-5201

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published: Sep 30, 2023
Updated: Nov 7, 2023

Summary

CVE-2023-5201 is a Remote Code Execution vulnerability affecting the OpenHook plugin for WordPress. Versions up to 4.3.0 of the plugin are vulnerable, allowing authenticated attackers with subscriber-level permissions or higher to execute code on the server. This vulnerability is exploited through the 'php' shortcode, which must be enabled on the vulnerable site for the attack to be successful. Successful exploitation grants attackers the ability to run arbitrary code on the server, posing a significant risk to sensitive data and system integrity. WordPress users are urged to update the OpenHook plugin as soon as possible to mitigate this vulnerability.
