CVE-2024-13890 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The Allow PHP Execute plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0. This is due to allowing PHP code to be…
High CVSS: 7.2

CVE-2024-13890

The Allow PHP Execute plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0. This is due to allowing PHP code to be entered by all users for whom unfiltered HTML is allowed. This makes it possible for authenticated attackers, with Editor-level access and above, to inject PHP code into posts and pages.
Vendor
Sksdev
Product
Allow Php Execute
CWE
CWE-94
Yayın Tarihi
2025-03-08 03:15:36
Güncelleme
2025-03-12 16:48:41
Source Identifier
security@wordfence.com
KEV Date Added
-

Kategoriler

CWE-94 Allow Php Execute HIGH Sksdev 2025

Referanslar

https://plugins.trac.wordpress.org/browser/allow-php-execute/trunk/allow-php-execute.php#L10 https://www.wordfence.com/threat-intel/vulnerabilities/id/412c39e9-9378-4c2c-817c-8d37f156af6e?source=cve