PT-2023-32374 · WordPress · Ads By Datafeedr.Com
István Márton +1 · Published 2023-10-30 · Updated 2023-11-13 · CVE-2023-5843
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Ads by datafeedr.com plugin for WordPress versions up to, and including, 1.1.3
Description
The issue allows unauthenticated attackers to execute code on the server via the dfads ajax load ads function. This function has limited parameters that cannot be specified arbitrarily, allowing for remote code execution.
Recommendations
For versions up to, and including, 1.1.3, consider disabling the dfads ajax load ads function as a temporary workaround until a patch is available.
Exploit
Fix
RCE
Code Injection
Affected Products
Ads By Datafeedr.Com