CRITICALVulnerability
Verified
Global

NVD CRITICAL: CVE-2023-54352 — WordPress Seotheme contains a remote code execution vulnerability that allows un...

·Source: NIST NVD

Updated:

Executive Summary

WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands and upload additional files for persistent access.

Analysis

WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands and upload additional files for persistent access. CVSS Score: 9.8. Published: 2026-06-08T02:16:23.107.

Indicators of Compromise (1)

CVE (1)
CVE-2023-54352
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on Jun 8, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerability

Chinese, N. Korean Threat Groups Build on Asia-Pacific Success

North Korea's gross domestic product (GDP) has grown, in part because of the cybercrime gains of groups linked to the nation, which target business and financial firms.

Dark Reading
MEDIUMVulnerability

FSB guides banks on resposible adoption of AI

The Financial Stability Council is inviting feedback on a new consultation on sound practices for the responsible adoption of artificial intelligence within the financial sector.

Finextra
MEDIUMVulnerability

Mastercard launches Agent Pay for Machines

Mastercard has lined up a host of firms behind its latest AI commerce tool, Agent Pay for Machines (AP4M).

Finextra