CVE-2023-5604

9.8 CRITICAL

📋 TL;DR

The Asgaros Forum WordPress plugin before version 2.7.1 lets forum administrators, a plugin-level role that does not require full WordPress administrator privileges, configure which file types may be attached to forum posts, including executable ones such as .php and .phtml. With such a setting in place, unauthenticated users can upload server-side scripts, which can lead to remote code execution on the web server. Any WordPress site running a vulnerable version of the plugin is affected.

💻 Affected Systems

Products:
  • Asgaros Forum WordPress Plugin
Versions: All versions before 2.7.1
Operating Systems: All
Default Config Vulnerable: ✅ No
Notes: Exploitation requires a forum administrator to first allow script file types in the plugin's upload settings. The forum administrator role is granted inside the plugin and may be held by users who are not WordPress administrators.

📦 What is this software?

Asgaros Forum is a WordPress plugin that adds a discussion forum to a site. It has its own forum-administrator role, separate from the WordPress administrator role, and lets forum users attach files to posts; the plugin's upload settings decide which file types are accepted.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution as the web server user, leading to complete server compromise, data theft, malware deployment, or website defacement.

🟠 Likely Case

Unauthenticated attackers upload a web shell through the forum's attachment feature and use it to execute arbitrary code and keep persistent access to the server.

🟢 If Mitigated

Limited impact if the web server refuses to execute scripts in the upload directory, or a security plugin or WAF blocks the upload of script file types.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires that a forum administrator has first allowed script file types in the plugin's upload settings; once that is the case, no WordPress account is needed to upload a file. A public proof of concept demonstrates the issue.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.7.1

Vendor Advisory: https://wpscan.com/vulnerability/4ce69d71-87bf-4d95-90f2-63d558c78b69

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find Asgaros Forum and update to version 2.7.1 or later.
4. Verify the update completed successfully.

🔧 Temporary Workarounds

Restrict File Uploads via .htaccess


Block execution of PHP/PHTML files in upload directories. Place the following in the .htaccess of the upload directory (wp-content/uploads/asgarosforum/, or wp-content/uploads/ as a whole); it only takes effect on Apache with AllowOverride enabled for that path. The Order/Deny directives are Apache 2.2 syntax and on Apache 2.4 need mod_access_compat; the 2.4-native equivalent is a single `Require all denied` line in their place. This refuses every request for the listed extensions, which is intended, since nothing under wp-content/uploads should ever be served as a script. On nginx the same effect needs a location block in the server configuration instead.

<FilesMatch "\.(php|phtml|php3|php4|php5|php7|phps|php-s|pht|phar)$">
  Order Allow,Deny
  Deny from all
</FilesMatch>

Disable Plugin


Temporarily disable Asgaros Forum until patched (WP-CLI). The forum is offline while the plugin is deactivated, and any script files already uploaded remain on disk and are still served unless the web server blocks them.

wp plugin deactivate asgaros-forum

🧯 If You Can't Patch

  • Remove the forum administrator role from untrusted users, since only that role can enable the insecure upload setting
  • Audit the plugin's upload settings and remove script extensions (.php, .phtml, .phar and similar) from the allowed file types, then check the upload directory for such files already present
  • Implement web application firewall rules that reject multipart uploads whose filenames end in script extensions

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Asgaros Forum version number

Check Version:

wp plugin get asgaros-forum --field=version

Verify Fix Applied:

Confirm Asgaros Forum version is 2.7.1 or higher in WordPress plugins list
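The version check above, as a script added here (it is not part of the advisory or of the Asgaros Forum plugin): it compares an installed version string against the 2.7.1 fix release field by field, so that 2.10.0 sorts after 2.7.1 and a bare 2.7 counts as older than 2.7.1, which a plain string comparison gets wrong. The WP-CLI command is the one the page shows; that `wp` is on PATH is an assumption.

```shell
#!/bin/sh
# Added example (not from the advisory or the Asgaros Forum project).
# Decides whether an installed Asgaros Forum version is below the 2.7.1 fix release.
# Usage:  ./asgaros_version_check.sh            queries WP-CLI (assumes `wp` is on PATH)
#         ./asgaros_version_check.sh 2.6.3      checks a version string you already have

FIXED_VERSION="2.7.1"

# version_lt A B: exit 0 when A is older than B.
# Compares dot-separated fields numerically, so 2.10.0 is newer than 2.7.1 and a
# missing field counts as 0 (2.7 == 2.7.0).  A non-numeric suffix on a field
# (2.7.1-beta) is ignored.  Avoids `sort -V`, which not every platform ships.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa="${a%%.*}"; fb="${b%%.*}"                 # leading field of each version
        fa="${fa%%[!0-9]*}"; fb="${fb%%[!0-9]*}"     # keep only the numeric prefix
        fa="${fa:-0}"; fb="${fb:-0}"
        [ "$fa" -lt "$fb" ] && return 0
        [ "$fa" -gt "$fb" ] && return 1
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac   # drop the compared field
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 1    # versions are equal
}

# asgaros_status VERSION: prints "vulnerable" or "fixed"; exits 1 when vulnerable so
# the script can gate automation.
asgaros_status() {
    if version_lt "$1" "$FIXED_VERSION"; then
        echo "vulnerable"
        return 1
    fi
    echo "fixed"
}

# Entry point: use the version given as $1, otherwise ask WP-CLI (the same command
# the advisory gives).  Does nothing when neither is available, so the functions can
# also be sourced from other scripts.
if [ -n "${1:-}" ]; then
    asgaros_status "$1"
elif command -v wp >/dev/null 2>&1; then
    asgaros_status "$(wp plugin get asgaros-forum --field=version)"
fi
```

Run it across a fleet with the WP-CLI `--path=` option pointed at each site root; a non-zero exit marks a site that still needs the update.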

📡 Detection & Monitoring

Log Indicators:

  • New files with script extensions (.php, .phtml, .phar and the like) appearing under the forum upload directory (wp-content/uploads/asgarosforum/), found by file-integrity monitoring or a periodic scan
  • Multipart POST requests to the forum's topic or reply pages whose uploaded filenames carry script extensions, especially from unauthenticated sessions
  • A forum-administrator account changing the plugin's allowed upload file types

Network Indicators:

  • Any HTTP request, GET or POST, for a .php/.phtml/.phar path under /wp-content/uploads/. Uploaded files are written there by the server, so a request for a script at that path is the attacker using a web shell rather than the upload itself; POST requests with small response bodies are the usual command channel

SIEM Query:

source="web_server" AND uri_path="/wp-content/uploads/*" AND (uri_path="*.php" OR uri_path="*.phtml" OR uri_path="*.phar")

Every match deserves triage: nothing under wp-content/uploads should be served as a script.
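To make the indicators above concrete, here is a shell script added for this page (not from the advisory or the plugin) that runs the two checks against constructed sample data: a file-name scan of an upload tree for PHP-family extensions, including double extensions such as shell.php.jpg, and an access-log filter for requests to such files under /wp-content/uploads/. The upload path follows the page; the combined log format and the sample entries are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory or the Asgaros Forum project).
# Two checks for a site that may already have been hit through this issue:
#   find_script_files DIR   lists files under the forum upload tree whose name carries a
#                           PHP-family extension, i.e. what a dropped web shell looks like
#   webshell_hits LOGFILE   lists access-log requests for such a file under
#                           /wp-content/uploads/, i.e. the shell being used
# Usage:  ./asgaros_upload_audit.sh /var/www/html/wp-content/uploads/asgarosforum /var/log/apache2/access.log
# With no arguments it runs against the constructed demo data below.
# Assumptions: the upload path given on the page, and a "combined"-format access log.

# Extensions PHP handlers commonly execute (mirrors the page's .htaccess pattern), anchored
# to the last path component.  The trailing (\.[^/]*)? also catches double extensions such
# as shell.php.jpg, which some Apache AddHandler configurations still run as PHP.
SCRIPT_FILE_RE='/[^/]*\.(php|phtml|php[3-7]|phps|php-s|pht|phar)(\.[^/]*)?$'

find_script_files() {
    # case-insensitive: cmd.PHP is executed just like cmd.php on typical handlers
    find "$1" -type f | grep -iE "$SCRIPT_FILE_RE"
}

webshell_hits() {
    # In combined format the request path is field 7; strip any query string first.
    # Nothing under wp-content/uploads should ever be a script, so every hit is suspicious.
    awk '{
        p = tolower($7); sub(/\?.*/, "", p)
        if (p ~ /^\/wp-content\/uploads\// &&
            p ~ /\.(php|phtml|php[3-7]|phps|php-s|pht|phar)(\.[^\/]*)?$/) print
    }' "$1"
}

# Constructed demo data (not from a real incident) so the checks can be exercised offline.
demo_file_scan() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/2023/10"
    for f in avatar.png report.pdf notes.txt cmd.PHP shell.phtml img.php.jpg; do
        : > "$dir/2023/10/$f"
    done
    find_script_files "$dir" | wc -l | tr -d ' '    # 3 flagged: cmd.PHP shell.phtml img.php.jpg
    rm -rf "$dir"
}

demo_log_scan() {
    log=$(mktemp) || return 1
    cat > "$log" <<'EOF'
203.0.113.7 - - [10/Oct/2023:14:02:11 +0000] "POST /forum/new-topic/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:14:02:19 +0000] "GET /wp-content/uploads/asgarosforum/12/cmd.php?c=id HTTP/1.1" 200 61 "-" "curl/8.4.0"
198.51.100.23 - - [10/Oct/2023:14:03:02 +0000] "GET /wp-content/uploads/asgarosforum/12/avatar.png HTTP/1.1" 200 4123 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:14:05:40 +0000] "POST /wp-content/uploads/asgarosforum/12/cmd.php HTTP/1.1" 200 2048 "-" "curl/8.4.0"
198.51.100.23 - - [10/Oct/2023:14:06:00 +0000] "GET /wp-content/uploads/2023/10/report.pdf HTTP/1.1" 200 99201 "-" "Mozilla/5.0"
EOF
    webshell_hits "$log" | wc -l | tr -d ' '       # 2 hits: the GET with ?c=id and the POST
    rm -f "$log"
}

if [ "$#" -eq 2 ]; then
    find_script_files "$1"
    webshell_hits "$2"
else
    echo "demo: flagged files=$(demo_file_scan) web-shell hits=$(demo_log_scan)"
fi
```

The file scan is the higher-signal check: the log filter only sees a shell once it is used, and a PHP file that has merely been uploaded is already a compromise in waiting. Run the scan from cron or a file-integrity monitor rather than once, and treat a second hit on the same path as a live intrusion.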
