The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/de169fc7-f388-4abb-ab94-12522fd1ac92/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2024-01-16T15:56:40.507Z
Updated: 2024-01-16T15:56:40.507Z
Reserved: 2023-09-06T14:24:22.163Z
Link: CVE-2023-4797
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-16T16:15:13.400
Modified: 2024-01-23T14:25:23.557
Link: CVE-2023-4797
JSON object: View
Redhat Information
No data.
CWE