CVE-2023-54352

WordPress Seotheme Remote Code Execution Unauthenticated

CVSS 9.3 CRITICALEPSS 0.6%CWE-306

WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands and upload additional files for persistent access.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

WP Travel Kit · Travelscape

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/51789unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.exploit-db.com/exploits/51789 https://www.vulncheck.com/advisories/wordpress-seotheme-remote-code-execution-unauthenticated