Vulnerabilities (CVE)

Filtered by vendor Php Everywhere Project Subscribe
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-24665 1 Php Everywhere Project 1 Php Everywhere 2024-11-21 6.5 MEDIUM 9.9 CRITICAL
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via a WordPress gutenberg block by any user able to edit posts.
CVE-2022-24664 1 Php Everywhere Project 1 Php Everywhere 2024-11-21 4.0 MEDIUM 9.9 CRITICAL
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts.
CVE-2022-24663 1 Php Everywhere Project 1 Php Everywhere 2024-11-21 6.5 MEDIUM 9.9 CRITICAL
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress shortcodes, which can be used by any authenticated user.
CVE-2021-23227 1 Php Everywhere Project 1 Php Everywhere 2024-11-21 6.8 MEDIUM 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Alexander Fuchs PHP Everywhere pluginĀ <= 2.0.2 versions.