WordPress PHP Everywhere Plugin <= 2.0.3 is vulnerable to Remote Code Execution (RCE)

Software PHP Everywhere Type Plugin Vulnerable versions = 2.0.3 Fixed in 3.0.0 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2022-24664 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 03f2a970e135 Credits Ramuel Gall Required privilege...

CVE-2022-24664 Remote Code Execution by by Contributor+ users via WordPress metabox

PHP Everywhere = 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts...

CVE-2022-24664

CVE-2022-24664 affects the WordPress PHP Everywhere plugin. Vulnerable in versions

CVE-2022-24664 Remote Code Execution by by Contributor+ users via WordPress metabox

PHP Everywhere = 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts...

CVE-2022-24664

creationtimestamp| type| source ---|---|--- 2022-02-10 16:20:00+00:00| seen| https://t.me/truesecator/2616...