CVSS 3.1 Score 9.9 of 10 (high)


Published Sep 30, 2023
Updated: Nov 7, 2023


CVE-2023-5201 is a vulnerability in the OpenHook plugin for WordPress, affecting versions up to and including 4.3.0. The vulnerability allows authenticated attackers with subscriber-level permissions or higher to execute remote code on the server using the 'php' shortcode. To exploit this vulnerability, the [php] shortcode setting must be enabled on the vulnerable site. The base severity of this vulnerability is rated as CRITICAL, with a base score of 9.9 out of 10. The impact includes high integrity and confidentiality impacts, with a low attack complexity and high availability impact. It is advised to update the OpenHook plugin to a patched version or disable the [php] shortcode setting to remediate this vulnerability and prevent potential code execution by attackers.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-5201 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options