Sept. 30, 2023, 3:15 a.m. |

National Vulnerability Database web.nvd.nist.gov

The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server. This requires the [php] shortcode setting to be enabled on the vulnerable site.

attackers code code execution cve permissions php plugin remote code remote code execution server vulnerable wordpress

Information Technology Specialist II: Information Security Engineer

@ WBCP, Inc. | Pasadena, CA.

Director of the Air Force Cyber Technical Center of Excellence (CyTCoE)

@ Air Force Institute of Technology | Dayton, OH, USA

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

Senior Cybersecurity Analyst - Digital Cybersecurity Analytics

@ Target | 7000 Target Pkwy N,NCD-0375 Brooklyn Park,MN 55445

Security Consulting Automation Developer (Unit 42)

@ Palo Alto Networks | Reston, VA, United States

Technical Consultant - Microsoft

@ AppDirect | Chicago, United States