6234 matches found
The vulnerability lies in the implementation of the edit_posts permission plugin for PHP code, which allows a hacker to execute arbitrary code.
The vulnerability of the edit_posts permission implementation in the PHP plugin for PHP Everywhere is related to incorrect code generation. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely using metaboxes...
The vulnerability lies in the implementation of the edit_posts permission plugin for PHP code, which allows a hacker to execute arbitrary code.
The vulnerability of the edit_posts permission implementation in the PHP plugin for PHP Everywhere is related to incorrect code generation. Exploiting this vulnerability allows an attacker to execute arbitrary code using Gutenberg blocks...
CVE-2022-24664
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts...
PHP Everywhere < 3.0.0 - Contributor+ RCE via Gutenberg Block
The plugin allows any user with a role as low as contributor to execute PHP via the Gutenberg Block of the plugin in posts...
PHP Everywhere < 3.0.0 - Contributor+ RCE via Metabox
The plugin allows any user with a role as low as contributor to execute PHP via the Metabox of the plugin in posts...
CVE-2021-25072
The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have a CSRF check in place when deleting items, allowing an attacker to make a logged-in admin delete arbitrary posts via a CSRF attack...
CVE-2021-24868
The Document Embedder WordPress plugin before 1.7.9 contains an AJAX action endpoint, which could allow any authenticated user, such as a subscriber, to enumerate the title of arbitrary private and draft posts...
CVE-2021-24775
The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts...
Design/Logic Flaw
The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts...
CVE-2021-24868 Document Embedder < 1.7.9 - Subscriber+ Arbitrary Private/Draft Post Title Disclosure
The Document Embedder WordPress plugin before 1.7.9 contains an AJAX action endpoint, which could allow any authenticated user, such as a subscriber, to enumerate the title of arbitrary private and draft posts...
WordPress security vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A WordPress plugin is an application plugin for WordPress. WordPress Document Embedder plugin versions prior to 1.7.5 contain an information disclosure vulnerability that could be exploited to all...
CVE-2021-46458
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=addpost. This vulnerability can be exploited through a crafted POST request via the posttitle parameter...
WordPress Qubely plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in versions prior to 1.7.8 of the Qubely plugin for WordPress, which...
WordPress Ultimate FAQ plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in versions prior to 2.1.2 of the Ultimate FAQ plugin for...
CVE-2021-24989
The Accept Donations with PayPal WordPress plugin before 1.3.4 does not have a CSRF check in place and does not ensure that the post to be deleted belongs to the plugin, allowing attackers to make a logged-in admin delete arbitrary posts from the blog...
CVE-2021-25013
The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF checks on the qubelydeletesavedblock AJAX action, and does not ensure that the block to be deleted belongs to the plugin. As a result, any authenticated user, such as a subscriber, can delete arbitrary posts...