CVE-2023-5843
Published 2023-10-30
CVE-2023-5843: The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the 'dfads_ajax_load_ads'…
Priority P266 · critical · 9.8 CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.20% (80.3th percentile)
The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the 'dfads_ajax_load_ads' function. This allows unauthenticated attackers to execute code on the server. The parameters of the callable function are limited; they cannot be specified arbitrarily.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| datafeedr | ads_by_datafeedr.com | <= 1.1.3 | — |
| datafeedrcom | ads_by_datafeedr.com | <= 1.1.3 | — |
| chrome_chrome | — | — | — |
VulDB
datafeedr.com Ads Plugin up to 1.1.3 on WordPress code injection
vuldb·2026-04-11·CVSS 9.0
CVE-2023-5843 [CRITICAL] datafeedr.com Ads Plugin up to 1.1.3 on WordPress code injection
A vulnerability classified as critical was found in datafeedr.com Ads Plugin up to 1.1.3 on WordPress. This issue affects some unknown processing. The manipulation results in code injection.
This vulnerability is reported as CVE-2023-5843. The attack can be launched remotely. No exploit exists.
GHSA
GHSA-97wj-4q63-7pp6: The Ads by datafeedr
ghsa_unreviewed·2023-10-30
CVE-2023-5843 [CRITICAL] CWE-94 GHSA-97wj-4q63-7pp6: The Ads by datafeedr
The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the 'dfads_ajax_load_ads' function. This allows unauthenticated attackers to execute code on the server. The parameters of the callable function are limited; they cannot be specified arbitrarily.
Chrome
Stable Channel Update for Desktop: CVE-2024-5842
vendor_chrome·2024-06-11·CVSS 8.8
CVE-2024-5842 [MEDIUM] Stable Channel Update for Desktop: CVE-2024-5842
Stable Channel Update for Desktop
CVE-2024-5842: Use after free in Browser UI. Reported by Sven Dysthe (@svn_dy) on 2023-01-12
[$500][333940412] Medium CVE-2024-5843: Inappropriate implementation in Downloads. Reported by hjy79425575 on 2024-04-12
[TBD][331960660] Medium CVE-2024-5844: Heap buffer overflow in Tab Strip
Severity: medium
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://plugins.trac.wordpress.org/browser/ads-by-datafeedrcom/tags/1.1.3/inc/dfads.class.php#L34
https://plugins.trac.wordpress.org/changeset/2991088/ads-by-datafeedrcom
https://www.wordfence.com/threat-intel/vulnerabilities/id/5412fd87-49bc-445c-8d16-443e38933d1e?source=cve
Published: 2023-10-30