Vulnerabilities > CVE-2023-5843 - Unspecified vulnerability in Datafeedr ADS BY Datafeedr.Com

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

datafeedr

critical

NVD

Published: 2023-10-30

Updated: 2023-11-13

Summary

The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the 'dfads_ajax_load_ads' function. This allows unauthenticated attackers to execute code on the server. The parameters of the callable function are limited, they cannot be specified arbitrarily.

Vulnerable Configurations

Part	Description	Count
Application	Datafeedr Datafeedr ADS BY Datafeedr.Com *	1

References

https://plugins.trac.wordpress.org/browser/ads-by-datafeedrcom/tags/1.1.3/inc/dfads.class.php#L34
https://www.wordfence.com/threat-intel/vulnerabilities/id/5412fd87-49bc-445c-8d16-443e38933d1e?source=cve