
Critical Remote Code Execution Vulnerabilities in WordPress Plugins

Severity: High (Score: 67.5)

Sources: Cvefeed, www.vulncheck.com

Published: 2026-06-08 · Updated: 2026-06-08

Keywords: attackers, wordpress, code, contains, remote, execution, vulnerability

Severity indicators: vulnerability, CVE-2023-54352

Summary

Two new CVEs, CVE-2023-54350 and CVE-2023-54352, have been published, both affecting WordPress plugins. CVE-2023-54350 pertains to the Augmented-Reality plugin, allowing unauthenticated attackers to execute arbitrary PHP files via the elFinder connector. Attackers can exploit this vulnerability by sending POST requests to create malicious files. CVE-2023-54352 affects the Seotheme plugin, enabling similar remote code execution by uploading malicious files to the theme directory. Both vulnerabilities are associated with CWE-306, indicating missing authentication for critical functions. No specific affected product versions have been recorded yet. The vulnerabilities were published on June 8, 2026, and are currently unpatched, posing a significant risk to WordPress users. Security professionals are advised to monitor for exploits and implement protective measures.

Key Points:

  • CVE-2023-54350 and CVE-2023-54352 allow remote code execution in WordPress plugins.
  • Both vulnerabilities exploit missing authentication, enabling unauthenticated access.
  • No specific affected product versions have been disclosed, increasing the risk for users.

Detailed Analysis

**Impact**

WordPress sites using the Augmented-Reality plugin and the Seotheme theme are affected by remote code execution vulnerabilities, allowing unauthenticated attackers to execute arbitrary PHP code. The vulnerabilities enable attackers to upload malicious files, potentially compromising web servers and leading to persistent unauthorized access. No specific numbers, sectors, or geographic regions are detailed in the source articles.

**Technical Details**

Attackers exploit missing authentication (CWE-306) in the elFinder connector of the Augmented-Reality plugin (CVE-2023-54350) and the Seotheme theme (CVE-2023-54352) by sending POST requests or uploading PHP shells to specific endpoints. The malicious files execute system commands and allow further file uploads for persistence. Both vulnerabilities involve unauthenticated remote code execution at the web application layer, primarily during the exploitation and installation stages of the kill chain. No specific IOCs are provided.

**Recommended Response**

Apply patches or updates to the affected WordPress plugins and themes immediately once available. Harden configurations by restricting file upload permissions and implementing authentication controls on critical endpoints such as connector.minimal.php and theme directories. Deploy detection rules to monitor for suspicious POST requests and PHP file creations in file_manager and theme directories. In the absence of patches, monitor web server logs for anomalous file uploads and execution attempts targeting these components.
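As an added defender-side example that is not part of the source articles or of either vendor's code, the script below implements the monitoring described under Recommended Response: it flags POST requests to connector.minimal.php, requests for PHP files under a file_manager directory, and POSTs to PHP files inside a theme directory, and it lists PHP files recently created under a given directory. The plugin and theme paths, hosts and user agents in the sample log are constructed assumptions; adjust the rules to the site's real layout.

```python
import re
from pathlib import Path
from typing import Iterable

# Constructed sample lines in Apache/Nginx combined log format (hosts, paths and agents are made up).
SAMPLE_LOG = """\
203.0.113.5 - - [08/Jun/2026:10:15:01 +0000] "POST /wp-content/plugins/augmented-reality/elfinder/php/connector.minimal.php HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.5 - - [08/Jun/2026:10:15:03 +0000] "GET /wp-content/plugins/augmented-reality/file_manager/x1.php HTTP/1.1" 200 87 "-" "curl/8.0"
198.51.100.9 - - [08/Jun/2026:10:16:10 +0000] "GET /wp-content/themes/seotheme/style.css HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.9 - - [08/Jun/2026:10:16:12 +0000] "POST /wp-content/themes/seotheme/up.php HTTP/1.1" 200 45 "-" "python-requests/2.31"
192.0.2.7 - - [08/Jun/2026:10:17:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Request line of the combined format: client IP, timestamp, method, path and status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Heuristic rules taken from the advisory's recommended response; directory names are assumptions.
RULES = [
    ("POST to elFinder connector", lambda m, p: m == "POST" and p.endswith("/connector.minimal.php")),
    ("PHP requested under file_manager/", lambda m, p: "/file_manager/" in p and p.endswith(".php")),
    ("POST to PHP file inside a theme dir", lambda m, p: m == "POST" and p.startswith("/wp-content/themes/") and p.endswith(".php")),
]


def scan_access_log(lines: Iterable[str]) -> list[dict]:
    """Return one finding per log line that matches any rule (first matching rule wins)."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line; skip rather than guess
        path = m.group("path").split("?", 1)[0]  # compare the path without its query string
        for name, pred in RULES:
            if pred(m.group("method"), path):
                findings.append({"rule": name, "ip": m.group("ip"), "path": path, "status": int(m.group("status"))})
                break
    return findings


def find_new_php_files(root: str, since: float) -> list[str]:
    """List .php files under root modified after `since` (epoch seconds), e.g. for
    wp-content/themes and any file_manager directory the plugin writes to."""
    return sorted(str(p) for p in Path(root).rglob("*.php") if p.stat().st_mtime > since)


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG.splitlines()):
        print(f"[{f['rule']}] {f['ip']} {f['path']} -> HTTP {f['status']}")
```

Pair the log rules with a scheduled run of find_new_php_files against the theme and plugin directories so that a file written by the connector is noticed even when the request that created it was not logged.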

Source articles (4)

  • CVE-2023-54350 - WordPress Augmented — Cvefeed · 2026-06-08
    WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers c…
  • CVE-2023-54352 — Cvefeed · 2026-06-08
    WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can…
  • Wordpress Seotheme Remote Code Execution Unauthenticated — www.vulncheck.com · 2026-06-08
  • Wordpress Augmented Reality Plugin Remote Code Execution Unauthenticated — www.vulncheck.com · 2026-06-08

Timeline

  • 2026-06-08 — CVE-2023-54350 published: Remote code execution vulnerability in WordPress Augmented-Reality plugin allows file uploads and execution.
  • 2026-06-08 — CVE-2023-54352 published: Remote code execution vulnerability in WordPress Seotheme plugin allows unauthorized file uploads.

CVEs

  • CVE-2023-54350
  • CVE-2023-54352

Related entities

  • Zero-day Exploit (Attack Type)
  • Cwe-306 - Missing Authentication For Critical Function (Cwe)
  • cvefeed.io (Domain)
  • T1505.003 - Web Shell (Mitre Attack)
  • ElFinder (Platform)
  • PHP (Platform)
  • WordPress (Platform)