CVE-2022-24665
Remote Code Execution by by Contributor+ users via WordPress gutenberg block
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via a WordPress gutenberg block by any user able to edit posts.
PHP Everywhere versiones anteriores a 2.0.3 incluyéndola, incluía una funcionalidad que permitía una ejecución de fragmentos de código PHP por medio de un bloque gutenberg de WordPress por parte de cualquier usuario capaz de editar publicaciones
PHP Everywhere versions 2.0.3 and below suffer from multiple remote code execution vulnerabilities.
*Credits:
Ramuel Gall, Wordfence
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-01-04 CVE Published
- 2022-02-07 CVE Reserved
- 2023-09-09 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.wordfence.com/blog/2022/02/critical-vulnerabilities-in-php-everywhere-allow-remote-code-execution | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Php Everywhere Project Search vendor "Php Everywhere Project" | Php Everywhere Search vendor "Php Everywhere Project" for product "Php Everywhere" | <= 2.0.3 Search vendor "Php Everywhere Project" for product "Php Everywhere" and version " <= 2.0.3" | wordpress |
Affected
| ||||||