4 results (0.003 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in Alexander Fuchs PHP Everywhere plugin <= 2.0.2 versions. Se ha detectado una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en PHP Everywhere (plugin de WordPress) versiones (anteriores a 2.0.2 incluyéndola) The PHP Everywhere plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to conduct unspecified potential attacks via forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/php-everywhere/wordpress-php-everywhere-plugin-2-0-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0

PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts. PHP Everywhere versiones anteriores a 2.0.3 incluyéndola, incluía una funcionalidad que permitía una ejecución de PHP Code Snippets por medio de los metaboxes de WordPress, que podían ser usados por cualquier usuario capaz de editar entradas PHP Everywhere versions 2.0.3 and below suffer from multiple remote code execution vulnerabilities. • https://www.wordfence.com/blog/2022/02/critical-vulnerabilities-in-php-everywhere-allow-remote-code-execution • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0

PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress shortcodes, which can be used by any authenticated user. PHP Everywhere versiones anteriores a 2.0.3 incluyéndola, incluía una funcionalidad que permitía una ejecución de PHP Code Snippets por medio de los shortcodes de WordPress, que podían ser usados por cualquier usuario autenticado PHP Everywhere versions 2.0.3 and below suffer from multiple remote code execution vulnerabilities. • https://www.wordfence.com/blog/2022/02/critical-vulnerabilities-in-php-everywhere-allow-remote-code-execution • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1

PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via a WordPress gutenberg block by any user able to edit posts. PHP Everywhere versiones anteriores a 2.0.3 incluyéndola, incluía una funcionalidad que permitía una ejecución de fragmentos de código PHP por medio de un bloque gutenberg de WordPress por parte de cualquier usuario capaz de editar publicaciones PHP Everywhere versions 2.0.3 and below suffer from multiple remote code execution vulnerabilities. • https://www.wordfence.com/blog/2022/02/critical-vulnerabilities-in-php-everywhere-allow-remote-code-execution • CWE-94: Improper Control of Generation of Code ('Code Injection') •