Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistWPScanCVELIST:CVE-2023-4797
HistoryJan 16, 2024 - 3:56 p.m.

CVE-2023-4797 Newsletter Lite < 4.9.3 - Admin+ Command Injection

2024-01-1615:56:40
WPScan
www.cve.org
wordpress
plugin
command injection
vulnerability
server

0.0005 Low

EPSS

Percentile

19.0%

JSON

The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Newsletters",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "4.9.3"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Related

wpvulndb 1
prion 1
nvd 1
wpexploit 1
cve 1
wpvulndb
wpvulndb
Newsletter Lite < 4.9.3 - Admin+ Command Injection
2023-10-05 00:00:00
prion
prion
Sql injection
2024-01-16 16:15:00
nvd
nvd
CVE-2023-4797
2024-01-16 16:15:13
wpexploit
wpexploit
Newsletter Lite < 4.9.3 - Admin+ Command Injection
2023-10-05 00:00:00
cve
cve
CVE-2023-4797
2024-01-16 16:15:13

0.0005 Low

EPSS

Percentile

19.0%

JSON
Related for CVELIST:CVE-2023-4797
wpvulndb1prion1nvd1wpexploit1cve1