CVE-2023-54352
CriticalCVSS 9.8Summary
WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands and upload additional files for persistent access.
Risk Assessment
This vulnerability poses a serious risk to organizations, allowing attackers to remotely execute code and potentially take control of the system. This could lead to data loss, privacy breaches, and the deletion or alteration of critical files.
Recommendation
It is recommended to immediately remove or update the Seotheme to the latest version to mitigate this vulnerability. Additionally, implementing security measures such as file scanning and restricting file upload capabilities for users is advisable.
Original NVD description (English source)
WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands and upload additional files for persistent access.

