The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the 'dfads_ajax_load_ads' function. This allows unauthenticated attackers to execute code on the server. The parameters of the callable function are limited, they cannot be specified arbitrarily.


https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5843
The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the 'dfads_ajax_load_ads' function. This allows unauthenticated attackers to execute code on the server. The parameters of the callable function are limited, they cannot be specified arbitrarily.
2023-10-30T14:15:10Z

Source: CVEAnnouncements
Source Link: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5843