CVE-2023-5201
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2023-5201 is a Remote Code Execution vulnerability affecting the OpenHook plugin for WordPress. Versions up to 4.3.0 of the plugin are vulnerable, allowing authenticated attackers with subscriber-level permissions or higher to execute code on the server. The vulnerability is exploited through the 'php' shortcode, so the attack succeeds only if that shortcode is enabled on the vulnerable site. Because successful exploitation lets an attacker run arbitrary code on the server, it poses a significant risk to sensitive data and system integrity. WordPress users are urged to update the OpenHook plugin as soon as possible to mitigate this vulnerability.
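A triage sketch for the two conditions in the summary (an affected plugin version and the 'php' shortcode being enabled), added here as an example and not taken from the plugin or the advisory. The inventory records, host names and the `php_shortcode_enabled` flag are constructed; the flag is assumed to come from whoever audits each site's plugin settings, and "up to 4.3.0" is read as including 4.3.0.

```python
import re

# Assumption: "versions up to 4.3.0" includes 4.3.0 itself.
LAST_AFFECTED = (4, 3, 0)


def parse_plugin_version(header_text):
    """Read the 'Version:' field of a WordPress plugin header; None if absent."""
    m = re.search(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)",
                  header_text, re.MULTILINE | re.IGNORECASE)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # pad "4.3" to (4, 3, 0) before comparing
    return tuple(parts)


def triage(site):
    """Classify one inventory record against the conditions in the summary."""
    version = parse_plugin_version(site["plugin_header"])
    if version is None:
        return "unknown-version"          # cannot rule the site out: check by hand
    if version > LAST_AFFECTED:
        return "above-affected-range"
    if site["php_shortcode_enabled"]:
        return "exposed"                  # affected version and shortcode enabled
    return "affected-shortcode-off"       # still update; one setting from exposed


def report(sites):
    return {s["name"]: triage(s) for s in sites}


# Constructed inventory: header text as found at the top of a plugin's main file.
SAMPLE_SITES = [
    {"name": "blog-a.example", "php_shortcode_enabled": True,
     "plugin_header": "/*\nPlugin Name: OpenHook\nVersion: 4.3.0\n*/"},
    {"name": "blog-b.example", "php_shortcode_enabled": False,
     "plugin_header": "/**\n * Plugin Name: OpenHook\n * Version: 4.2\n */"},
    {"name": "blog-c.example", "php_shortcode_enabled": True,
     "plugin_header": "/*\nPlugin Name: OpenHook\nVersion: 4.3.1\n*/"},
    {"name": "blog-d.example", "php_shortcode_enabled": True,
     "plugin_header": "/*\nPlugin Name: OpenHook\n*/"},
]

if __name__ == "__main__":
    for name, status in report(SAMPLE_SITES).items():
        print(f"{name}: {status}")
```

Sites reported as `affected-shortcode-off` still need the update, since enabling the shortcode later would make them exposed.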