Php Everywhere Project: Security Vulnerabilities
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress shortcodes, which can be used by any authenticated user.
CVSS Score
9.9
EPSS Score
0.019
Published
2022-02-16
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts.
CVSS Score
9.9
EPSS Score
0.015
Published
2022-02-16
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via a WordPress gutenberg block by any user able to edit posts.
CVSS Score
9.9
EPSS Score
0.022
Published
2022-02-16
Cross-Site Request Forgery (CSRF) vulnerability in Alexander Fuchs PHP Everywhere pluginĀ <= 2.0.2 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-01-13