CVE-2021-23227 – WordPress PHP Everywhere Plugin <= 2.0.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2021-23227
Cross-Site Request Forgery (CSRF) vulnerability in Alexander Fuchs PHP Everywhere plugin <= 2.0.2 versions. A Cross-Site Request Forgery (CSRF) vulnerability has been detected in PHP Everywhere (WordPress plugin) versions up to and including 2.0.2. The PHP Everywhere plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to conduct unspecified potential attacks via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
• https://patchstack.com/database/vulnerability/php-everywhere/wordpress-php-everywhere-plugin-2-0-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-24664 – Remote Code Execution by Contributor+ users via WordPress metabox
https://notcve.org/view.php?id=CVE-2022-24664
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts. PHP Everywhere versions up to and including 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts. PHP Everywhere versions 2.0.3 and below suffer from multiple remote code execution vulnerabilities.
• https://www.wordfence.com/blog/2022/02/critical-vulnerabilities-in-php-everywhere-allow-remote-code-execution
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2022-24663 – Remote Code Execution by Subscriber+ users via WordPress shortcode
https://notcve.org/view.php?id=CVE-2022-24663
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress shortcodes, which can be used by any authenticated user. PHP Everywhere versions up to and including 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress shortcodes, which could be used by any authenticated user. PHP Everywhere versions 2.0.3 and below suffer from multiple remote code execution vulnerabilities.
• https://www.wordfence.com/blog/2022/02/critical-vulnerabilities-in-php-everywhere-allow-remote-code-execution
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2022-24665 – Remote Code Execution by Contributor+ users via WordPress Gutenberg block
https://notcve.org/view.php?id=CVE-2022-24665
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via a WordPress Gutenberg block by any user able to edit posts. PHP Everywhere versions up to and including 2.0.3 included functionality that allowed execution of PHP code snippets via a WordPress Gutenberg block by any user able to edit posts. PHP Everywhere versions 2.0.3 and below suffer from multiple remote code execution vulnerabilities.
• https://www.wordfence.com/blog/2022/02/critical-vulnerabilities-in-php-everywhere-allow-remote-code-execution
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2021-43678
https://notcve.org/view.php?id=CVE-2021-43678
Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting (XSS) vulnerability in Wechat.php. Wechat-php-sdk version v1.10.2 is affected by a Cross Site Scripting (XSS) vulnerability in the Wechat.php file.
• https://github.com/gaoming13/wechat-php-sdk
• https://github.com/gaoming13/wechat-php-sdk/issues/30
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')