PT-2025-10422 · WordPress · Allow Php Execute

Francesco Carlucci · Published 2025-03-08 · Updated 2025-03-13 · CVE-2024-13890

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Allow PHP Execute plugin for WordPress versions prior to 1.1

Description

The issue allows PHP code to be entered by all users for whom unfiltered HTML is allowed, making it possible for authenticated attackers with Editor-level access and above to inject PHP code into posts and pages.

Recommendations

For versions prior to 1.1, update to a version that fixes the PHP Code Injection issue to prevent authenticated attackers from injecting PHP code into posts and pages.

Fix

Code Injection


Weakness Enumeration

Related Identifiers

CVE-2024-13890

Affected Products

Allow Php Execute