Partner Program
Platform
Comprehensive Threat Exposure Management Platform
Uni5 Xposure PlatformUni5 Xposure leverages exposure assessment and adversarial exposure validation to deliver a unified view of your cyber risks and all actionable pathways to resolve them.
IntegrationsSync with an abundant number of out-of-the-box integrations.
HiveForce LabsStrategic intelligence and operational expertise to ensure comprehensive security readiness at all levels.
Solutions
By Use Case
Total Attack Surface Management
Multi-Environment Security Scanners
Complete Exposure Assessment
Comprehensive Security Intelligence
Vulnerability & Threat Prioritization
Adversarial Exposure Validation
By Role
CISO
Vulnerability Management
Security Operations
DevOps
Industry
Telecommunications
Healthcare
Financial Services
Government & Public Sector
Retail & E-Commerce
Educational Institutions
Resources
Advisories & Digests
Threat Advisories
Threat Digests
Content Library
learn
Blog
Data Sheets
Whitepapers
Press Releases
connect
Webinars & Videos
Company
About Us
Careers
Our Leadership
Contact Us
Book a DemoStart Free Trial
Platform
Platform
Comprehensive Threat Exposure Management Platform
Uni5 Xposure PlatformUni5 Xposure leverages exposure assessment and adversarial exposure validation to deliver a unified view of your cyber risks and all actionable pathways to resolve them.
IntegrationsSync with an abundant number of out-of-the-box integrations.
HiveForce LabsStrategic intelligence and operational expertise to ensure comprehensive security readiness at all levels.
Solutions
Solutions
By Use Case
Total Attack Surface Management
Multi-Environment Security Scanners
Complete Exposure Assessment
Comprehensive Security Intelligence
Vulnerability & Threat Prioritization
Adversarial Exposure Validation
By Role
CISO
Vulnerability Management
Security Operations
DevOps
Industry
Industry
Telecommunications
Healthcare
Financial Services
Government & Public Sector
Retail & E-Commerce
Educational Institutions
Resources
Resources
Advisories & Digests
Threat Advisories
Threat Digests
Content Library
learn
Blog
Data Sheets
Whitepapers
Press Releases
connect
Webinars & Videos
Company
Company
About Us
Careers
Our Leadership
Contact Us
Book a DemoStart Free Trial

Critical remote code execution vulnerabilities in WordPress PHP everywhere Plugin

Threat Level – Amber | Vulnerability Report
Download PDF

THREAT LEVEL: Red.

For a detailed advisory, download the pdf file here

Three critical remote code execution (RCE) vulnerabilities in a WordPress plugin PHP everywhere have been discovered. It is a plugin that allows web developers to utilize PHP code in pages, posts, the sidebar, or anywhere on domains that use the content management system (CMS). This plugin has been installed on over 30,000 websites.

The first vulnerability which has been assigned CVE-2022-24663, allows an authorized attacker to execute shortcodes via the parse-media-shortcode AJAX call. In this case, if users are signed in then even if they have absolutely no access, such as a subscriber, a forged request parameter might be provided to run arbitrary PHP code, resulting in full website takeover.

The second RCE vulnerability has been assigned CVE-2022-24664. This flaw was discovered in the way PHP Everywhere controls metaboxes, draggable edit boxes and how the software allows any user with the edit posts capability to access these functionalities. Untrusted contributor-level users might use the PHP Everywhere metabox to execute code on a site by generating a post, inserting PHP code into the PHP Everywhere metabox, and previewing the post. While this vulnerability has the same severity as the shortcode vulnerability, it is less severe because contributor-level permissions are required.

The third vulnerability is tracked as CVE-2022-24665. An attacker could tamper a website’s functionality by executing arbitrary PHP code through ‘edit_posts’ permissions of PHP Everywhere Gutenberg blocks.

These vulnerabilities have been fixed in version 3.0.0.

Potential MITRE ATT&CK TTPs are:

TA0040: Impact

TA0001: Initial Access       

TA0002: Execution

TA0007: Discovery

TA0003: Persistence

T1190: Exploit-public facing application

T1518: Software Discovery

T1565: Data Manipulation

T1059: Command and Scripting Interpreter

T1505: Server Software Component

T1505.003: Server Software Component: Web Shell

Vulnerability Details

Patch Link

https://downloads.wordpress.org/plugin/php-everywhere.3.0.0.zip

References

https://www.wordfence.com/blog/2022/02/critical-vulnerabilities-in-php-everywhere-allow-remote-code-execution/

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox