VYPR

PHP Everywhere

by WordPress

CVEs (4)

  • CVE-2022-24665CriFeb 16, 2022
    risk 0.65cvss 9.9epss 0.02

    PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via a WordPress gutenberg block by any user able to edit posts.

  • CVE-2022-24663CriFeb 16, 2022
    risk 0.65cvss 9.9epss 0.02

    PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress shortcodes, which can be used by any authenticated user.

  • CVE-2022-24664CriFeb 16, 2022
    risk 0.64cvss 9.9epss 0.02

    PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts.

  • CVE-2021-23227MedJan 13, 2022
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Alexander Fuchs PHP Everywhere plugin <= 2.0.2 versions.