CVE Vulnerabilities

CVE-2023-4994

Published: Sep 16, 2023 | Modified: Nov 07, 2023
CVSS 3.x
6.4
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.0.4 via the php shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server.

Affected Software

Name Vendor Start Version End Version
Allow_php_in_posts_and_pages Hitreach * 3.0.4 (including)

References