Platform
wordpress
Component
thesis-openhook
Fixed version
4.3.1
CVE-2023-5201 is a critical Remote Code Execution (RCE) vulnerability discovered in the OpenHook WordPress plugin. This vulnerability allows authenticated attackers, even those with subscriber-level permissions, to execute arbitrary code on the server. The issue affects versions of OpenHook up to and including 4.3.0, and a fix is available in version 4.3.1.
The impact of CVE-2023-5201 is severe. An attacker who can successfully exploit this vulnerability gains complete control over the WordPress server. This could lead to data breaches, website defacement, malware installation, and complete compromise of the hosting environment. The requirement for subscriber-level permissions significantly broadens the attack surface, as many WordPress installations have numerous users with this level of access. This vulnerability shares similarities with other shortcode-based RCE vulnerabilities, where improper sanitization allows for code injection.
CVE-2023-5201 was publicly disclosed on September 30, 2023. While no active exploitation campaigns have been definitively confirmed, the vulnerability's critical severity and ease of exploitation make it a high-priority target. It is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are likely to emerge, increasing the risk of widespread exploitation.
WordPress websites utilizing the OpenHook plugin, particularly those with multiple users holding subscriber-level permissions, are at significant risk. Shared hosting environments where multiple websites share the same server are also vulnerable, as a compromise of one site could potentially lead to the compromise of others.
• wordpress / composer / npm:
  # -F makes grep match the literal string; without it, [php] is parsed as a character class and the shortcode text is never matched
  grep -rF '[php] shortcode' /var/www/html/wp-content/plugins/openhook/
  wp plugin list | grep openhook
  wp plugin status openhook
• generic web: Check WordPress access logs for requests containing the [php] shortcode, especially those originating from unusual IP addresses.
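To make the access-log check above concrete, here is an added Python example (not part of the original advisory or of the OpenHook project) that parses access-log lines in the common Apache/nginx "combined" layout, URL-decodes each request target (including double-encoded brackets) and groups every request carrying a [php] shortcode tag by client IP. The log lines are constructed for the example and the field layout is an assumption.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Assumed "combined" access-log layout: ip - - [timestamp] "METHOD target HTTP/x" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Opening [php] shortcode tag; tolerant of whitespace and attributes ("[ php ]", "[php foo=1]").
SHORTCODE_RE = re.compile(r'\[\s*php\b', re.IGNORECASE)

def decode_request(path: str, rounds: int = 3) -> str:
    """URL-decode a request target repeatedly so that double-encoded
    brackets (%255B -> %5B -> [) are still recognised."""
    cur = path
    for _ in range(rounds):
        nxt = unquote_plus(cur)
        if nxt == cur:
            break
        cur = nxt
    return cur

def find_shortcode_requests(lines):
    """Return {client_ip: [record, ...]} for every line whose decoded request
    target contains a [php] shortcode tag; unparseable lines are skipped."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        decoded = decode_request(m["path"])
        if SHORTCODE_RE.search(decoded):
            hits[m["ip"]].append({"time": m["ts"], "method": m["method"],
                                  "status": int(m["status"]), "request": decoded})
    return dict(hits)

# Constructed sample log lines (not real traffic); the last one is deliberately malformed.
SAMPLE_LOG = [
    '203.0.113.7 - - [30/Sep/2023:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?content=%5Bphp%5Decho+1%3B%5B%2Fphp%5D HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.7 - - [30/Sep/2023:10:01:09 +0000] "GET /?s=php+tutorial HTTP/1.1" 200 8123 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [30/Sep/2023:10:02:30 +0000] "POST /?p=%255Bphp%255D HTTP/1.1" 403 0 "-" "python-requests/2.31"',
    '192.0.2.5 - - [30/Sep/2023:10:03:00 +0000] "GET /wp-content/plugins/openhook/readme.txt HTTP/1.1" 200 1200 "-" "Mozilla/5.0"',
    'not a log line',
]

if __name__ == "__main__":
    for ip, records in find_shortcode_requests(SAMPLE_LOG).items():
        print(ip, len(records), "request(s) carrying a [php] shortcode:", [r["request"] for r in records])
```

Access logs only record the request line, so a shortcode submitted in a POST body will not show up here; treat this as a complement to the plugin version and shortcode-setting checks, not a replacement for them.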
disclosure
Exploit status
EPSS
7.00% (91st percentile)
CVSS vector
The primary mitigation for CVE-2023-5201 is to immediately upgrade the OpenHook plugin to version 4.3.1 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, temporarily disable the [php] shortcode within the plugin's settings. Consider implementing a Web Application Firewall (WAF) rule to block requests containing the [php] shortcode. Monitor WordPress access logs for suspicious activity related to the shortcode, such as unusual parameter values or unexpected file access attempts. After upgrading, confirm the vulnerability is resolved by attempting to execute a benign PHP command through the shortcode and verifying that it is blocked.
Update the OpenHook plugin to version 4.3.1 or later; this version fixes the remote code execution vulnerability. If you cannot update immediately, you can reduce the risk by disabling the [php] shortcode.
CVE-2023-5201 is a critical Remote Code Execution vulnerability in the OpenHook WordPress plugin affecting versions up to 4.3.0. It allows authenticated attackers to execute code on the server via the [php] shortcode.
You are affected if you are using OpenHook WordPress plugin version 4.3.0 or earlier and the [php] shortcode is enabled. Check your plugin version and shortcode settings immediately.
Upgrade the OpenHook plugin to version 4.3.1 or later. If upgrading is not possible, temporarily disable the [php] shortcode within the plugin's settings.
While no confirmed active exploitation campaigns have been reported, the vulnerability's severity and ease of exploitation make it a high-priority target. Exploitation is likely.
Refer to the OpenHook plugin's official website or WordPress plugin repository for the latest advisory and update information: [https://wordpress.org/plugins/openhook/](https://wordpress.org/plugins/openhook/)