CVE-2023-5957

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Jan 8, 2024

Updated: Jan 11, 2024

CWE ID 434

Summary

CVE-2023-5957 is a newly identified vulnerability affecting the Ni Purchase Order plugin for WooCommerce used in WordPress. The issue lies in the lack of validation for logo and signature image files uploaded in the plugin settings, enabling high-privileged users to upload arbitrary files, including malicious web shells, to the web server. This vulnerability can result in remote code execution (RCE), potentially leading to severe security implications for affected WordPress sites. Users are advised to update the plugin to the latest version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tQwdeo
https://www.cve.org/CVERecord?id=CVE-2023-5957
https://nvd.nist.gov/vuln/detail/CVE-2023-5957

Back to Vulnerability Database

CVE-2023-5957

CVSS 3.1 Score 7.2 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations