Aggregates CVE and security vulnerability intelligence across all php_everywhere_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk csrf and related security problems, affecting vendor surface software deployment and vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-24665 | PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via a WordPress gutenberg block by any user able to edit posts. | [email protected] | 9.9 | 2.10% | 2022-02-16 | 2024-11-21 |
| CVE-2022-24664 | PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts. | [email protected] | 9.9 | 1.54% | 2022-02-16 | 2024-11-21 |
| CVE-2022-24663 | PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress shortcodes, which can be used by any authenticated user. | [email protected] | 9.9 | 2.10% | 2022-02-16 | 2024-11-21 |
| CVE-2021-23227 | Cross-Site Request Forgery (CSRF) vulnerability in Alexander Fuchs PHP Everywhere plugin <= 2.0.2 versions. | [email protected] | 5.4 | 0.14% | 2022-01-13 | 2024-11-21 |