PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via a WordPress gutenberg block by any user able to edit posts.
References
Link | Resource |
---|---|
https://www.wordfence.com/blog/2022/02/critical-vulnerabilities-in-php-everywhere-allow-remote-code-execution/ | Exploit Third Party Advisory |
Configurations
Information
Published : 2022-02-16 09:15
Updated : 2022-02-24 07:19
NVD link : CVE-2022-24665
Mitre link : CVE-2022-24665
JSON object : View
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')
Products Affected
php_everywhere_project
- php_everywhere