← Back

Php Everywhere

php_everywhere

Vendor: Php Everywhere Project • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-24665
1Php Everywhere Project
1Php Everywhere
Nov 21, 2024
Feb 16, 2022
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via a WordPress gutenberg block by any user able to edit posts.
CVE-2022-24664
1Php Everywhere Project
1Php Everywhere
Nov 21, 2024
Feb 16, 2022
N/A· v4
8.8 HIGH· v3
4.0 MEDIUM· v2
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts.
CVE-2022-24663
1Php Everywhere Project
1Php Everywhere
Nov 21, 2024
Feb 16, 2022
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress shortcodes, which can be used by any authenticated user.
CVE-2021-23227
1Php Everywhere Project
1Php Everywhere
Nov 21, 2024
Jan 13, 2022
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Cross-Site Request Forgery (CSRF) vulnerability in Alexander Fuchs PHP Everywhere plugin <= 2.0.2 versions.