Lucene search
HistoryJan 16, 2024 - 4:15 p.m.
CVE-2023-4797
cve-2023-4797
newsletters
wordpress
plugin
sql injection
command injection
security vulnerability
nvd
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.0005 Low
EPSS
Percentile
19.1%
The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server.
Affected configurations
Node
wysija_newsletters_projectwysija_newslettersRange<4.9.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wysija_newsletters_project | wysija_newsletters | * | cpe:2.3:a:wysija_newsletters_project:wysija_newsletters:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Newsletters",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "4.9.3"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpvulndb
wpvulndb
Newsletter Lite < 4.9.3 - Admin+ Command Injection
2023-10-05 00:00:00
prion
prion
Sql injection
2024-01-16 16:15:00
nvd
nvd
CVE-2023-4797
2024-01-16 16:15:13
wpexploit
wpexploit
Newsletter Lite < 4.9.3 - Admin+ Command Injection
2023-10-05 00:00:00
cvelist
cvelist
CVE-2023-4797 Newsletter Lite < 4.9.3 - Admin+ Command Injection
2024-01-16 15:56:40
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.0005 Low
EPSS
Percentile
19.1%
Related for CVE-2023-4797