Arbitrary Command Execution in Newsletters WordPress Plugin

Arbitrary Command Execution in Newsletters WordPress Plugin

CVE-2023-4797 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server.

Learn more about our Wordpress Pen Testing.