PHP Everywhere <= 2.0.3 is vulnerable to Remote Code Execution by Contributor+ users via gutenberg block vulnerability

Contributor

Published
2023-07-25

PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via a WordPress gutenberg block by any user able to edit posts.

CVE

https://www.cve.org/CVERecord?id=CVE-2022-24665

CVSS

Score:9.9

Severity:Critical

Version: 2.0.3

There is a patch available in v3.0.0 and we strongly recommend you update to this version as soon as possible.