πŸ” CVE Alert

CVE-2023-53872

UNKNOWN 0.0

Wp2Fac 1.0 OS Command Injection via send.php Endpoint

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

Wp2Fac 1.0 contains an OS command injection vulnerability in the send.php endpoint that allows remote attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'numara' parameter by appending shell commands with '&' operators to execute malicious code.

CWE CWE-78
Vendor wp2fac
Product wp2fac
Published Dec 15, 2025
Last Updated Apr 7, 2026
Stay Ahead of the Next One

Get instant alerts for wp2fac wp2fac

Be the first to know when new unknown vulnerabilities affecting wp2fac wp2fac are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

wp2fac / Wp2Fac
1.0

References

NVD β†— CVE.org β†— EPSS Data β†—
exploit-db.com: https://www.exploit-db.com/exploits/51717 github.com: https://github.com/metinyesil/wp2fac vulncheck.com: https://www.vulncheck.com/advisories/wpfac-os-command-injection-via-sendphp-endpoint

Credits

Ahmet Ümit BAYRAM