CVE-2023-4994

Summary

CVE-2023-4994 is a Remote Code Execution vulnerability affecting the Allow PHP in Posts and Pages plugin for WordPress. In versions up to 3.0.4, this vulnerability can be exploited by authenticated attackers with subscriber-level permissions or higher. The 'php' shortcode is the entry point for this issue, enabling attackers to execute arbitrary code on the server. This poses a significant security risk to WordPress sites using this plugin. It is strongly recommended that users update to the latest version of the plugin, or consider disabling it altogether until a patch is available.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.