VYPR
Critical severity9.0NVD Advisory· Published Oct 30, 2023· Updated Apr 8, 2026

CVE-2023-5843

CVE-2023-5843

Description

The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the 'dfads_ajax_load_ads' function. This allows unauthenticated attackers to execute code on the server. The parameters of the callable function are limited, they cannot be specified arbitrarily.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:datafeedr:ads_by_datafeedr.com:*:*:*:*:*:wordpress:*:*+ 1 more
    • cpe:2.3:a:datafeedr:ads_by_datafeedr.com:*:*:*:*:*:wordpress:*:*range: <=1.1.3
    • (no CPE)range: <=1.1.3

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.