Unrated severityNVD Advisory· Published Jan 16, 2024· Updated Jun 11, 2025
Newsletter Lite < 4.9.3 - Admin+ Command Injection
CVE-2023-4797
Description
The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <4.9.3
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/de169fc7-f388-4abb-ab94-12522fd1ac92/mitreexploitvdb-entrytechnical-description
News mentions
0No linked articles in our index yet.