21 matches found
CVE-2025-6784
The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.3.5 via the 'code-engine' shortcode. This is due to the plugin not restricting access to the code injecting functionality of the plugin. This makes it possible for authenticated...
CVE-2025-6784 Code Engine <= 0.3.5 - Authenticated (Contributor+) Remote Code Execution
The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.3.5 via the 'code-engine' shortcode. This is due to the plugin not restricting access to the code injecting functionality of the plugin. This makes it possible for authenticated...
EUVD-2025-210455
The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.3.5 via the 'code-engine' shortcode. This is due to the plugin not restricting access to the code injecting functionality of the plugin. This makes it possible for authenticated...
CVE-2025-6784
CVE-2025-6784 affects the WordPress Code Engine plugin (versions up to 0.3.5). It allows Remote Code Execution via the 'code-engine' shortcode because access to the plugin’s code-injecting functionality is not restricted. Authenticated users with Contributor-level access and above can execute cod...
EUVD-2025-19022
Malicious code in bioql PyPI...
EUVD-2025-25336
Malicious code in bioql PyPI...
CVE-2025-48169
Improper Control of Generation of Code 'Code Injection' vulnerability in Jordy Meow Code Engine code-engine allows Remote Code Inclusion.This issue affects Code Engine: from n/a through = 0.3.3...
CVE-2025-48169 WordPress Code Engine Plugin <= 0.3.3 - Remote Code Execution (RCE) Vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in Jordy Meow Code Engine allows Remote Code Inclusion. This issue affects Code Engine: from n/a through 0.3.3...
CVE-2025-48169
CVE-2025-48169 affects the WordPress Code Engine Plugin (versions ≤ 0.3.3). The issue is an Improper Control of Generation of Code that enables Remote Code Execution/Remote Code Inclusion. CVSS v3.1 vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H with base score 9.9 (CRITICAL). Public references (Pat...
CVE-2025-48169 WordPress Code Engine Plugin <= 0.3.3 - Remote Code Execution (RCE) Vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in Jordy Meow Code Engine code-engine allows Remote Code Inclusion.This issue affects Code Engine: from n/a through = 0.3.3...
WordPress plugin Code Engine 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2025-33925 · Unknown · Jordy Meow Code Engine
Name of the Vulnerable Software and Affected Versions: Jordy Meow Code Engine versions n/a through 0.3.3 Description: An improper control of generation of code 'Code Injection' vulnerability exists in Jordy Meow Code Engine, allowing for Remote Code Inclusion. Recommendations: Update Jordy Meow...
WordPress Code Engine Plugin <= 0.3.3 - Remote Code Execution (RCE) Vulnerability
Remote Code Execution RCE Vulnerability discovered by theviper17 in WordPress Plugin Code Engine versions = 0.3.3...
WordPress Code Engine plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Code Engine plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...
CVE-2025-50043
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jordy Meow Code Engine code-engine allows Stored XSS.This issue affects Code Engine: from n/a through = 0.3.2...
CVE-2025-50043
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jordy Meow Code Engine code-engine allows Stored XSS.This issue affects Code Engine: from n/a through = 0.3.2...
CVE-2025-50043 WordPress Code Engine plugin <= 0.3.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jordy Meow Code Engine allows Stored XSS. This issue affects Code Engine: from n/a through 0.3.2...
CVE-2025-50043
CVE-2025-50043 affects the WordPress Code Engine plugin (Code Engine) with versions <= 0.3.2. The vulnerability is Stored XSS caused by improper neutralization of input during web page generation. According to multiple connected sources, patches exist and the issue is marked as Patched for Cod...
CVE-2025-50043 WordPress Code Engine plugin <= 0.3.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jordy Meow Code Engine code-engine allows Stored XSS.This issue affects Code Engine: from n/a through = 0.3.2...
PT-2025-26394 · Unknown · Jordy Meow Code Engine
Name of the Vulnerable Software and Affected Versions: Jordy Meow Code Engine versions 0.3.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can...