Platform: wordpress
Component: thesis-openhook
Fixed in: 4.3.1
CVE-2023-5201 is a critical Remote Code Execution (RCE) vulnerability discovered in the OpenHook WordPress plugin. This vulnerability allows authenticated attackers, even those with subscriber-level permissions, to execute arbitrary code on the server. The issue affects versions of OpenHook up to and including 4.3.0, and a fix is available in version 4.3.1.
The impact of CVE-2023-5201 is severe. An attacker who can successfully exploit this vulnerability gains complete control over the WordPress server. This could lead to data breaches, website defacement, malware installation, and complete compromise of the hosting environment. The requirement for subscriber-level permissions significantly broadens the attack surface, as many WordPress installations have numerous users with this level of access. This vulnerability shares similarities with other shortcode-based RCE vulnerabilities, where improper sanitization allows for code injection.
CVE-2023-5201 was publicly disclosed on September 30, 2023. While no active exploitation campaigns have been definitively confirmed, the vulnerability's critical severity and ease of exploitation make it a high-priority target. It is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are likely to emerge, increasing the risk of widespread exploitation.
Exploit Status
EPSS: 7.00% (91st percentile)
CVSS Vector
The primary mitigation for CVE-2023-5201 is to immediately upgrade the OpenHook plugin to version 4.3.1 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, temporarily disable the [php] shortcode within the plugin's settings. Consider implementing a Web Application Firewall (WAF) rule to block requests containing the [php] shortcode. Monitor WordPress access logs for suspicious activity related to the shortcode, such as unusual parameter values or unexpected file access attempts. After upgrading, confirm the vulnerability is resolved by attempting to execute a benign PHP command through the shortcode and verifying that it is blocked.
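A small triage helper, added here as an example and not part of this advisory or the OpenHook plugin, that checks a plugin header's Version line against the 4.3.1 fix and flags request records carrying the [php] shortcode, as a WAF rule or log review would; the plugin header and log lines are constructed samples.

```python
"""Triage helpers for CVE-2023-5201 (OpenHook [php] shortcode RCE)."""
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote_plus

FIXED_VERSION = (4, 3, 1)  # advisory: fixed in OpenHook 4.3.1; <= 4.3.0 affected


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '4.3.0' into (4, 3, 0) so comparison is numeric, not lexical."""
    parts = [int(p) for p in re.findall(r"\d+", text)]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def plugin_version_from_header(header: str) -> Optional[str]:
    """Read the 'Version:' line of a standard WordPress plugin header block."""
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)", header, re.M)
    return m.group(1) if m else None


def is_affected(version: str) -> bool:
    """True for any OpenHook version below the 4.3.1 fix."""
    return parse_version(version) < FIXED_VERSION


# Opening [php] shortcode, tolerating whitespace and attributes ("[ php ]", "[php a=1]").
SHORTCODE_RE = re.compile(r"\[\s*php(?:\s[^\]]*)?\]", re.IGNORECASE)


def contains_php_shortcode(text: str) -> bool:
    """True if a request body or post content carries the shortcode, URL-encoded or not."""
    return bool(SHORTCODE_RE.search(unquote_plus(text)))


def flag_log_lines(lines: List[str]) -> List[str]:
    """Return request records that should be reviewed because they carry [php]."""
    return [ln for ln in lines if contains_php_shortcode(ln)]


# Constructed sample data (not taken from the advisory).
SAMPLE_HEADER = "<?php\n/*\nPlugin Name: OpenHook\nVersion: 4.3.0\n*/\n"
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Oct/2023:10:00:00 +0000] "POST /wp-admin/post.php HTTP/1.1" 200 '
    '"content=%5Bphp%5D+echo+1%3B+%5B%2Fphp%5D"',
    '203.0.113.6 - - [01/Oct/2023:10:00:05 +0000] "GET /?s=hello HTTP/1.1" 200 "-"',
]

if __name__ == "__main__":
    found = plugin_version_from_header(SAMPLE_HEADER)
    print(f"OpenHook {found}: affected={is_affected(found)}")
    for line in flag_log_lines(SAMPLE_LOG):
        print("review:", line)
```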
Update the OpenHook plugin to version 4.3.1 or later. This version fixes the remote code execution vulnerability. Disabling the '[php]' shortcode also mitigates the risk if updating immediately is not possible.
CVE-2023-5201 is a critical Remote Code Execution vulnerability in the OpenHook WordPress plugin affecting versions up to 4.3.0. It allows authenticated attackers to execute code on the server via the [php] shortcode.
You are affected if you are using OpenHook WordPress plugin version 4.3.0 or earlier and the [php] shortcode is enabled. Check your plugin version and shortcode settings immediately.
Upgrade the OpenHook plugin to version 4.3.1 or later. If upgrading is not possible, temporarily disable the [php] shortcode within the plugin's settings.
While no confirmed active exploitation campaigns have been reported, the vulnerability's severity and ease of exploitation make it a high-priority target. Exploitation is likely.
Refer to the OpenHook plugin's official website or WordPress plugin repository for the latest advisory and update information: [https://wordpress.org/plugins/openhook/](https://wordpress.org/plugins/openhook/)