CVE-2023-53872

N/A Unknown
Published: December 15, 2025 Modified: December 16, 2025
View on NVD

Description

Wp2Fac 1.0 contains an OS command injection vulnerability in the send.php endpoint that allows remote attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'numara' parameter by appending shell commands with '&' operators to execute malicious code.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/metinyesil/wp2fac
Source: disclosure@vulncheck.com
https://www.exploit-db.com/exploits/51717
Source: disclosure@vulncheck.com
https://www.vulncheck.com/advisories/wpfac-os-command-injection-via-sendphp-endpoint
Source: disclosure@vulncheck.com

3 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
1.0%
76th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-78

Related CVEs

CVE-2025-69261 N/A
CVE-2025-69257 6.7
CVE-2025-69210 N/A
CVE-2025-66823 N/A
CVE-2025-50343 N/A