Lucene search

[email protected]NVD:CVE-2023-4797

HistoryJan 16, 2024 - 4:15 p.m.

CVE-2023-4797

2024-01-1616:15:13

CWE-77

[email protected]

web.nvd.nist.gov

newsletters plugin

wordpress

sql queries

shell commands

arbitrary commands

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

19.0%

JSON

The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server.

Affected configurations

NVD

Node

tribulantnewslettersRange<4.9.3wordpress

References

wpscan.com/vulnerability/de169fc7-f388-4abb-ab94-12522fd1ac92/

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

19.0%

JSON

Related for NVD:CVE-2023-4797

wpvulndb1 prion1 wpexploit1 cve1 cvelist1