VYPR
Critical severity9.9NVD Advisory· Published Oct 30, 2023· Updated Apr 8, 2026No known patch

CVE-2023-5199

CVE-2023-5199

Description

The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to include local file and potentially execute code on the server. While subscribers may need to poison log files or otherwise get a file installed in order to achieve remote code execution, author and above users can upload files by default and achieve remote code execution easily.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:php_to_page_project:php_to_page:*:*:*:*:*:wordpress:*:*+ 1 more
    • cpe:2.3:a:php_to_page_project:php_to_page:*:*:*:*:*:wordpress:*:*range: <=0.3
    • (no CPE)range: <=0.3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.