Vulnerability Description
The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server. This requires the [php] shortcode setting to be enabled on the vulnerable site.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rickbeckman | Openhook | <= 4.3.0 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/browser/thesis-openhook/tags/4.3.0/inc/shortcThird Party Advisory
- https://plugins.trac.wordpress.org/browser/thesis-openhook/tags/4.3.1/inc/shortcThird Party Advisory
- https://www.wordfence.com/threat-intel/vulnerabilities/id/37b9ed0e-5af2-47c1-b2dThird Party Advisory
- https://plugins.trac.wordpress.org/browser/thesis-openhook/tags/4.3.0/inc/shortcThird Party Advisory
- https://plugins.trac.wordpress.org/browser/thesis-openhook/tags/4.3.1/inc/shortcThird Party Advisory
- https://www.wordfence.com/threat-intel/vulnerabilities/id/37b9ed0e-5af2-47c1-b2dThird Party Advisory
FAQ
What is CVE-2023-5201?
CVE-2023-5201 is a vulnerability with a CVSS score of 9.9 (CRITICAL). The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the 'php' shortcode. This allows authenticated attackers with subscriber-level perm...
How severe is CVE-2023-5201?
CVE-2023-5201 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-5201?
Check the references section above for vendor advisories and patch information. Affected products include: Rickbeckman Openhook.