The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-01-16T15:56:40.507Z
Updated: 2024-08-02T07:38:00.494Z
Reserved: 2023-09-06T14:24:22.163Z
Link: CVE-2023-4797
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2024-01-16T16:15:13.400
Modified: 2024-01-23T14:25:23.557
Link: CVE-2023-4797
Redhat
No data.