PT-2025-35869 · WordPress · Easy Timer
Jonas Benjamin Friedli · Published 2025-09-04 · Updated 2025-09-04 · CVE-2025-9519

| CVSS v3.1 | 7.2 High |
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Easy Timer plugin for WordPress versions prior to 4.2.2
Description
The Easy Timer plugin for WordPress is susceptible to Remote Code Execution through its shortcodes. This is caused by inadequate restriction of shortcode attributes, potentially allowing authenticated attackers with Editor-level access or higher to execute code on the server.
Recommendations
Update the Easy Timer plugin to version 4.2.2 or later.
Fix
RCE
Code Injection
Affected Products
Easy Timer