Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 8:57 a.m.9 views

CVE-2023-4994

The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.0.4 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server...

9.9CVSS7.8AI score0.00748EPSS
Exploits0References1
Patchstack
Patchstack
added 2023/09/18 12:0 a.m.13 views

WordPress Allow PHP in Posts and Pages Plugin <= 3.0.4 is vulnerable to Remote Code Execution (RCE)

Software Allow PHP in Posts and Pages Type Plugin Vulnerable versions = 3.0.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2023-4994 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID bcf7a7b556b2 Credits Lana Codes Required...

9.9CVSS7.6AI score0.00748EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/09/16 1:52 a.m.72 views

CVE-2023-4994

CVE-2023-4994 is a Remote Code Execution flaw in the WordPress plugin “Allow PHP in Posts and Pages” (versions

9.9CVSS7.3AI score0.00748EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/16 1:52 a.m.8 views

CVE-2023-4994 Allow PHP in Posts and Pages <= 3.0.4 - Authenticated (Subscriber+) Remote Code Execution via Shortcode

The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.0.4 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server...

9.9CVSS7.1AI score0.00748EPSS
Exploits0References2
Rows per page
Query Builder