Critical severity9.0NVD Advisory· Published Oct 30, 2023· Updated Apr 8, 2026
CVE-2023-5843
CVE-2023-5843
Description
The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the 'dfads_ajax_load_ads' function. This allows unauthenticated attackers to execute code on the server. The parameters of the callable function are limited, they cannot be specified arbitrarily.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:datafeedr:ads_by_datafeedr.com:*:*:*:*:*:wordpress:*:*+ 1 more
- cpe:2.3:a:datafeedr:ads_by_datafeedr.com:*:*:*:*:*:wordpress:*:*range: <=1.1.3
- (no CPE)range: <=1.1.3
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.