Vulners
Lucene search
CVE-2023-5957
๐๏ธย 08 Jan 2024ย 19:00:32Reported byย WPScanTypeย 
ย cve๐ย web.nvd.nist.gov๐ย 48ย Views๐ WEB
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | CVE-2023-5957 | 8 Jan 202420:27 | โ | circl |
 | WordPress Plugin Ni Purchase Order(PO) For WooCommerce Security Vulnerability | 8 Jan 202400:00 | โ | cnnvd |
 | CVE-2023-5957 Ni Purchase Order(PO) For WooCommerce <= 1.2.1 - Admin+ File Upload to Remote Code Execution | 8 Jan 202419:00 | โ | cvelist |
 | CVE-2023-5957 | 8 Jan 202419:15 | โ | nvd |
 | CVE-2023-5957 | 8 Jan 202419:15 | โ | osv |
 | Code injection | 8 Jan 202419:15 | โ | prion |
 | PT-2024-14851 ยท WordPress ยท Ni Purchase Order(Po) For Woocommerce | 8 Jan 202400:00 | โ | ptsecurity |
 | CVE-2023-5957 | 23 May 202505:07 | โ | redhatcve |
 | CVE-2023-5957 Ni Purchase Order(PO) For WooCommerce <= 1.2.1 - Admin+ File Upload to Remote Code Execution | 8 Jan 202419:00 | โ | vulnrichment |
 | Ni Purchase Order(PO) For WooCommerce <= 1.2.1 - Admin+ File Upload to Remote Code Execution | 12 Dec 202300:00 | โ | wpexploit |
10
Node
[
{
"vendor": "Unknown",
"product": "Ni Purchase Order(PO) For WooCommerce",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThanOrEqual": "1.2.1"
}
],
"defaultStatus": "affected",
"collectionURL": "https://wordpress.org/plugins"
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| page | path | wordpress/wp-admin/admin.php?page=niwoopo-setting | Vulnerability enabling arbitrary file upload in settings leading to RCE via uploaded web shell | CWE-434 |
| Logo upload field | path | wordpress/wp-admin/admin.php?page=niwoopo-setting | Vulnerability enabling arbitrary file upload in settings leading to RCE via uploaded web shell | CWE-434 |
| Signature upload field | path | wordpress/wp-admin/admin.php?page=niwoopo-setting | Vulnerability enabling arbitrary file upload in settings leading to RCE via uploaded web shell | CWE-434 |
| cmd | query param | wordpress/wp-content/uploads/ni-purchase-order/cmd.php?cmd=ls | Uploaded web shell accessible via web server executing system commands | CWE-434 |
Data
Build on a solid foundation withย Vulners data
Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data
Api
Power your application withย Vulners API
The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access
App
Assess and manage vulnerabilities withย Vulnersย tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
18 Jun 2025 16:15Current
6.8Medium risk
Vulners AI Score6.8
CVSS 3.17.2
EPSS0.0056
SSVC