Thousands Of WordPress Sites Are Affected By Critical RCE Flaws In The ‘PHP Everywhere’ Plugin.

On January 4, 2022, the Wordfence Threat Intelligence team began the responsible disclosure process for numerous Remote Code Execution vulnerabilities in PHP Everywhere, a WordPress plugin installed on over 30,000 websites.

One of these flaws allowed any authenticated user of any level, including subscribers and customers, to run code on a site using the plugin. We notified the WordPress plugin repository with our disclosure and began outreach to the plugin author because the vulnerabilities were of a severe nature.

Wordfence, a WordPress security provider, informed the plugin’s author, Alexander Fuchs, about the flaws.

January 4, 2022 – We release a firewall rule available to Wordfence Premium, Wordfence Care, and Wordfence Response customers. We begin the disclosure process with the plugin author and disclose to the WordPress plugin repository. The plugin author responds and we send over full disclosure.
January 10, 2022 – A patched version, 3.0.0, is released.
February 3, 2022 – The firewall rule becomes available to free Wordfence users.

Researchers reported that “The upgrade to version 3.0.0 of this plugin is a breaking change that eliminates the [php everywhere] shortcode and widget. To migrate your old code to Gutenberg blocks, run the upgrade process from the plugin’s options page. It’s worth mentioning that version 3.0.0 only supports PHP snippets via the Block editor, therefore users who are still using the Classic Editor will need to uninstall the plugin and find another way to host custom PHP code.”

The three issues, all of which received a CVSS rating of 9.9 out of 10, affect versions 2.0.3 and lower, and are as follows:

  • CVE-2022-24663 – Remote Code Execution by Subscriber+ users via shortcode
  • CVE-2022-24664 – Remote Code Execution by Contributor+ users via metabox
  • CVE-2022-24665 – Remote Code Execution by Contributor+ users via Gutenberg block
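As an added example (not code from Wordfence or the plugin author), this Python check triages a site against the affected version range above and lists the posts still using the legacy shortcode that version 3.0.0 removes, so they can be migrated during the upgrade. Assumptions: the caller supplies the plugin header text and post bodies, the sample data is constructed, and the shortcode is matched with either a space or an underscore because the article prints it as "[php everywhere]".

```python
import re

LAST_AFFECTED = (2, 0, 3)   # "versions 2.0.3 and lower" per the article
PATCHED = (3, 0, 0)         # patched release named in the article

# Assumption: accept both "[php everywhere]" (as printed here) and an underscore form.
SHORTCODE_RE = re.compile(r"\[php[ _]everywhere\b[^\]]*\]", re.IGNORECASE)
# Standard WordPress plugin header field, e.g. " * Version: 2.0.3"
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)",
                        re.MULTILINE | re.IGNORECASE)


def parse_version(header_text):
    """Return the plugin version as a tuple padded to three parts, or None."""
    m = VERSION_RE.search(header_text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def triage(header_text, posts):
    """Classify the install and list post IDs that still contain the shortcode."""
    version = parse_version(header_text)
    if version is None:
        status = "unknown"
    elif version <= LAST_AFFECTED:
        status = "vulnerable"
    elif version >= PATCHED:
        status = "patched"
    else:
        status = "unlisted"  # between 2.0.3 and 3.0.0: the article does not say
    legacy = sorted(pid for pid, body in posts.items() if SHORTCODE_RE.search(body))
    return {"version": version, "status": status, "legacy_posts": legacy}


# Constructed sample input: a plugin header and three post bodies keyed by post ID.
SAMPLE_HEADER = "/*\n * Plugin Name: PHP Everywhere\n * Version: 2.0.3\n */"
SAMPLE_POSTS = {
    12: "Intro text [php everywhere] footer",
    15: "A post with no snippets",
    18: "<p>[php_everywhere]</p>",
}

if __name__ == "__main__":
    print(triage(SAMPLE_HEADER, SAMPLE_POSTS))
```

A "vulnerable" result with a non-empty `legacy_posts` list means the upgrade to 3.0.0 will also require migrating those posts to Gutenberg blocks.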

Finally, the researchers concluded that “If you’re using this plugin, we strongly advise you to update to the most recent version right away. If you feel your site has been hacked as a result of this vulnerability, Wordfence Care offers Incident Response services. If you need your site cleansed right away, Wordfence Response provides the same service with a 1-hour response time and is available 24/7/365. Both of these items come with hands-on support in case you need it. We advise this for everyone who uses this plugin, as these vulnerabilities are very easy to exploit and can be leveraged to swiftly and totally take over a site.”
