AI Score
Confidence
High
EPSS
Percentile
36.5%
Description The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to Remote Code Execution via the ‘php’ shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server.
www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/allow-php-in-posts-and-pages/allow-php-in-posts-and-pages-304-authenticated-subscriber-remote-code-execution-via-shortcode