Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2023-5957

๐Ÿ—“๏ธย 08 Jan 2024ย 19:00:32Reported byย WPScanTypeย 
cve
ย cve๐Ÿ”—ย web.nvd.nist.gov๐Ÿ‘ย 57ย Views๐ŸŒ WEB

The Ni Purchase Order(PO) For WooCommerce WordPress plugin through 1.2.1 allows arbitrary file upload, triggering RCE vulnerability

Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
Circl		CVE-2023-5957
8 Jan 202420:27
โ€“circl
CNNVD		WordPress Plugin Ni Purchase Order(PO) For WooCommerce Security Vulnerability
8 Jan 202400:00
โ€“cnnvd
Cvelist		CVE-2023-5957 Ni Purchase Order(PO) For WooCommerce <= 1.2.1 - Admin+ File Upload to Remote Code Execution
8 Jan 202419:00
โ€“cvelist
NVD		CVE-2023-5957
8 Jan 202419:15
โ€“nvd
OSV		CVE-2023-5957
8 Jan 202419:15
โ€“osv
Prion		Code injection
8 Jan 202419:15
โ€“prion
Positive Technologies		PT-2024-14851 ยท WordPress ยท Ni Purchase Order(Po) For Woocommerce
8 Jan 202400:00
โ€“ptsecurity
RedhatCVE		CVE-2023-5957
23 May 202505:07
โ€“redhatcve
Vulnrichment		CVE-2023-5957 Ni Purchase Order(PO) For WooCommerce <= 1.2.1 - Admin+ File Upload to Remote Code Execution
8 Jan 202419:00
โ€“vulnrichment
wpexploit		Ni Purchase Order(PO) For WooCommerce <= 1.2.1 - Admin+ File Upload to Remote Code Execution
12 Dec 202300:00
โ€“wpexploit
Rows per page
NVD
Vulners
Node
naziinfotechni_purchase_order(po)_for_woocommerceRangeโ‰ค1.2.1wordpress
[
  {
    "vendor": "Unknown",
    "product": "Ni Purchase Order(PO) For WooCommerce",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "1.2.1"
      }
    ],
    "defaultStatus": "affected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
ParameterPositionPathDescriptionCWE
logorequest body/wordpress/wp-admin/admin.php?page=niwoopo-settingUnauthenticated or high-privilege upload of arbitrary files via settings leads to RCE by uploading a web shellCWE-434
signaturerequest body/wordpress/wp-admin/admin.php?page=niwoopo-settingUnauthenticated or high-privilege upload of arbitrary files via settings leads to RCE by uploading a web shellCWE-434
cmdquery param/wordpress/wp-content/uploads/ni-purchase-order/cmd.php?cmd=lsAccessing an uploaded web shell via cmd parameter triggers command execution (RCE)CWE-434

Data

Build on a solid foundation withย Vulners data

Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data

Api

Power your application withย Vulners API

The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access

App

Assess and manage vulnerabilities withย Vulnersย tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Jun 2026 06:49Current
6.8Medium risk
Vulners AI Score6.8
CVSS 3.17.2
EPSS0.00876
SSVC
CWE-434
ni purchase orderwoocommercewordpresspluginarbitrary file uploadrcevulnerabilitycve-2023-5957nvd
57