1 results (0.000 seconds)

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0

The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.0.4 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server. El complemento Allow PHP in Posts and Pages para WordPress es vulnerable a la Ejecución Remota de Código en versiones hasta la 3.0.4 inclusive a través del código corto 'php'. Esto permite a atacantes autenticados con permisos de nivel de suscriptor o superiores ejecutar código en el servidor. • https://plugins.trac.wordpress.org/browser/allow-php-in-posts-and-pages/trunk/allowphp.php#L373 https://www.wordfence.com/threat-intel/vulnerabilities/id/3d8b4bb6-3715-40c1-8140-7fcf874ccec3?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •