cleantalk
Vulnerabilities and Security Researches

Allow PHP Execute, CVE-2024-13890

CVE, Research URL

CVE-2024-13890

Home page URL

Security reports for Allow PHP Execute

Application

Allow PHP Execute

Published on
Mar 08, 2025
Research Description
The Allow PHP Execute plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0. This is due to allowing PHP code to be entered by all users for whom unfiltered HTML is allowed. This makes it possible for authenticated attackers, with Editor-level access and above, to inject PHP code into posts and pages.
Affected versions
Min -, max 1.0.
Status
vulnerable
Previous vulnerability researches
Allow PHP Execute (CVE-2024-13890) , Mar 09, 2025
New vulnerability
RomethemeKit For Elementor (CVE-2024-10326) , Mar 10, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2025-1926) , Mar 10, 2025
Shortcode Cleaner Lite (CVE-2025-1481) , Mar 09, 2025
All-in-One Addons for Elementor – WidgetKit (CVE-2024-10321) , Mar 09, 2025
SMTP by BestWebSoft (CVE-2024-13908) , Mar 09, 2025