OpenHook < 4.3.1 - Subscriber+ Remote Code Execution

2023-10-0100:00:00

wpscan.com

openhook

plugin

security

remote code execution

subscriber+

6.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.5%

JSON

Description The plugin does not prevent low-privileged users like subscribers from using its ‘php’ shortcode feature, leading to potential Remote Code Execution.

CPENameOperatorVersion
eq4.3.1

CPE	Name	Operator	Version
		eq	4.3.1

References

www.wordfence.com/threat-intel/vulnerabilities/id/37b9ed0e-5af2-47c1-b2da-8d103e4c31bf