The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server. This requires the [php] shortcode setting to be enabled on the vulnerable site.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-09-30T02:33:28.344Z

Updated: 2024-08-02T07:52:07.974Z

Reserved: 2023-09-26T13:05:01.712Z

Link: CVE-2023-5201

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-09-30T03:15:09.547

Modified: 2024-11-21T08:41:17.460

Link: CVE-2023-5201

cve-icon Redhat

No data.