Vulnerability Description
The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the 'dfads_ajax_load_ads' function. This allows unauthenticated attackers to execute code on the server. The parameters of the callable function are limited; they cannot be specified arbitrarily.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Datafeedr | Ads By Datafeedr.Com | <= 1.1.3 |
References
- https://plugins.trac.wordpress.org/browser/ads-by-datafeedrcom/tags/1.1.3/inc/df (Exploit)
- https://plugins.trac.wordpress.org/changeset/2991088/ads-by-datafeedrcom
- https://www.wordfence.com/threat-intel/vulnerabilities/id/5412fd87-49bc-445c-8d1 (Third Party Advisory)
FAQ
What is CVE-2023-5843?
CVE-2023-5843 is a vulnerability with a CVSS score of 9.0 (CRITICAL). The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the 'dfads_ajax_load_ads' function. This allows unauthenticated attacke...
How severe is CVE-2023-5843?
CVE-2023-5843 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-5843?
Check the references section above for vendor advisories and patch information. Affected products include: Datafeedr Ads By Datafeedr.Com.