PT-2022-1625 · WordPress

Ramuel Gall · Published 2022-01-04 · Updated 2022-02-24 · CVE-2022-24664

CVSS v3.1: 9.9 (Critical)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: PHP Everywhere versions 2.0.3 and earlier
Description: The vulnerability is improper control of code generation (code injection) in the PHP Everywhere plugin. The plugin lets a user place a PHP snippet in a post metabox and executes that snippet when the post is displayed, and the only gate on the metabox is the edit_posts capability. WordPress grants edit_posts to the Contributor role and above, so any authenticated user at that level, including accounts that cannot publish, can store PHP that the server executes. The result is remote code execution on the site as the web server user, with the ability to alter every other site hosted by the same installation, which is why the CVSS vector carries S:C.
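The weakness class described above, as an added illustration that is not PHP Everywhere's source code: a minimal post metabox that stores a PHP snippet in post meta and eval()s it on render, gated only by the ability to edit the post, placed beside a hardened version. All function names, meta keys and the `acme_` prefix are hypothetical; the two halves are shown together for comparison, and a real plugin would ship only one of them.

```php
<?php
/*
 * Added illustration, not PHP Everywhere's code. Hypothetical names throughout.
 */

/* ---------- Vulnerable pattern ---------- */

// The gate is "can this user edit this post?", which a Contributor satisfies
// for their own draft, so any edit_posts account can store PHP.
function acme_vuln_save_snippet( $post_id ) {
    if ( ! isset( $_POST['acme_snippet'] ) || ! current_user_can( 'edit_post', $post_id ) ) {
        return;
    }
    update_post_meta( $post_id, '_acme_snippet', wp_unslash( $_POST['acme_snippet'] ) );
}
add_action( 'save_post', 'acme_vuln_save_snippet' );

// The render side executes whatever was stored, with no check on who stored it.
function acme_vuln_render( $content ) {
    $code = get_post_meta( get_the_ID(), '_acme_snippet', true );
    if ( $code === '' ) {
        return $content;
    }
    ob_start();
    eval( $code );                     // arbitrary PHP as the web server user
    return ob_get_clean() . $content;
}
add_filter( 'the_content', 'acme_vuln_render' );

/* ---------- Hardened pattern ---------- */

// Storing PHP the site will execute is equivalent to editing plugin files, so
// require the capability WordPress uses for exactly that. edit_plugins is
// Administrator-only (Super Admin on multisite) and WordPress maps it to
// do_not_allow when DISALLOW_FILE_EDIT is set in wp-config.php.
function acme_can_edit_snippets() {
    return current_user_can( 'edit_plugins' );
}

// Only register the metabox for users who may use it.
function acme_safe_register_metabox() {
    if ( acme_can_edit_snippets() ) {
        add_meta_box( 'acme_snippet', 'PHP snippet', 'acme_safe_metabox_html', 'post' );
    }
}
add_action( 'add_meta_boxes', 'acme_safe_register_metabox' );

function acme_safe_metabox_html( $post ) {
    wp_nonce_field( 'acme_save_snippet_' . $post->ID, 'acme_nonce' );
    printf(
        '<textarea name="acme_snippet" style="width:100%%">%s</textarea>',
        esc_textarea( get_post_meta( $post->ID, '_acme_snippet', true ) )
    );
}

// Capability and nonce checks on save, and record who stored the snippet.
function acme_safe_save_snippet( $post_id ) {
    if ( ! isset( $_POST['acme_snippet'], $_POST['acme_nonce'] ) ) {
        return;
    }
    if ( ! acme_can_edit_snippets()
        || ! wp_verify_nonce( $_POST['acme_nonce'], 'acme_save_snippet_' . $post_id ) ) {
        return;
    }
    update_post_meta( $post_id, '_acme_snippet', wp_unslash( $_POST['acme_snippet'] ) );
    update_post_meta( $post_id, '_acme_snippet_author', get_current_user_id() );
}
add_action( 'save_post', 'acme_safe_save_snippet' );

// Bind the trust decision to the stored artifact: run a snippet only if the
// account that saved it still holds the capability. Meta written through any
// other path carries no recorded author and is never executed.
function acme_safe_render( $content ) {
    $post_id = get_the_ID();
    $code    = get_post_meta( $post_id, '_acme_snippet', true );
    $author  = (int) get_post_meta( $post_id, '_acme_snippet_author', true );
    if ( $code === '' || $author === 0 || ! user_can( $author, 'edit_plugins' ) ) {
        return $content;
    }
    ob_start();
    eval( $code );
    return ob_get_clean() . $content;
}
add_filter( 'the_content', 'acme_safe_render' );
```

The important change is not the nonce but the capability: a save handler that checks edit_post answers "may this user edit this post?", while the question that matters for stored PHP is "may this user run code on the server?", which in WordPress terms is edit_plugins. The render-time re-check matters because a post can change hands (a Contributor's draft published by an Editor, a demoted Administrator), so the decision to execute is tied to who stored the snippet rather than to whoever is viewing the post.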
Recommendations: For PHP Everywhere versions 2.0.3 and earlier, update to version 3.0.0 or later, which removed the vulnerable metabox functionality. Until the update is applied, deactivate the plugin or restrict access to the metabox functionality, and review which accounts hold edit_posts (Contributor and above), since every one of them can reach the vulnerable code path.
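A way to apply the recommendation across sites from the command line, added here as an example and not part of the advisory: a version check that treats 2.0.3 and earlier as affected, followed by the WP-CLI calls to deactivate the plugin and list the accounts that can reach the metabox. The plugin slug `php-everywhere` and the presence of WP-CLI on the host are assumptions about the deployment.

```sh
#!/bin/sh
# Added example, not from the advisory. Assumes the wordpress.org slug
# "php-everywhere" and WP-CLI on PATH; the version check itself needs only awk.
set -eu

# Return 0 (true) when $1 is a version at or below 2.0.3, the last affected
# release. Fields are compared numerically so "2.0.10" sorts after "2.0.3";
# a missing or garbage version parses as 0.0.0 and is treated as affected.
php_everywhere_affected() {
    printf '%s\n' "$1" | awk -F. '{
        v1 = $1 + 0; v2 = $2 + 0; v3 = $3 + 0
        if (v1 != 2)      { r = (v1 < 2) ? 0 : 1 }
        else if (v2 != 0) { r = (v2 < 0) ? 0 : 1 }
        else              { r = (v3 <= 3) ? 0 : 1 }
        exit r
    }'
}

# Inspect one site ($1 is its WordPress root) and deactivate the plugin when
# the installed version is in the affected range.
check_site() {
    site="$1"
    ver=$(wp plugin get php-everywhere --field=version --path="$site" 2>/dev/null) || {
        echo "$site: php-everywhere not installed"
        return 0
    }
    if php_everywhere_affected "$ver"; then
        echo "$site: php-everywhere $ver is affected (CVE-2022-24664); deactivating"
        wp plugin deactivate php-everywhere --path="$site"
    else
        echo "$site: php-everywhere $ver is not in the affected range"
    fi
}

# Every role from Contributor upward holds edit_posts and can reach the
# metabox, so these are the accounts to review while the plugin is installed.
list_metabox_capable_users() {
    site="$1"
    for role in contributor author editor administrator; do
        wp user list --role="$role" --field=user_login --path="$site" | sed "s/^/$role: /"
    done
}

# Usage: WP_ROOT=/var/www/example sh check-php-everywhere.sh
if [ -n "${WP_ROOT:-}" ]; then
    check_site "$WP_ROOT"
    list_metabox_capable_users "$WP_ROOT"
fi
```

Deactivation is the fail-safe workaround because the vulnerable code path is the plugin's own metabox; restricting who holds edit_posts shrinks the attacker pool but leaves the path in place.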

Fix: available (versions later than 2.0.3)

Weakness Enumeration

Code Injection (CWE-94, Improper Control of Generation of Code)

Related Identifiers

BDU:2022-00855
CVE-2022-24664

Affected Products

PHP Everywhere (WordPress plugin)
WordPress