Urgent: Update Your WordPress PHP Everywhere Plugin Now!
Chapter 1: The PHP Everywhere Plugin Vulnerability
If you're operating a WordPress website, you may be among the 30,000 users of the PHP Everywhere Plugin. This widely-used tool enables site administrators to incorporate dynamic PHP content anywhere on their pages.
Recently, researchers from Wordfence, a team specializing in WordPress security, identified three significant vulnerabilities in this plugin. These issues permit hackers to execute code remotely on sites utilizing version 2.0.3 or earlier.
Section 1.1: Understanding the Risks
The concerning aspect is that attackers only need to be assigned Subscriber or Contributor roles to exploit these vulnerabilities, which are often viewed as low-risk permissions.
These vulnerabilities are officially cataloged as CVE-2022-24663, CVE-2022-24664, and CVE-2022-24665.
Subsection 1.1.1: Discovery and Response
The flaws were first discovered on January 4, 2022, prompting the authors to release an update on January 10 to rectify the issues. However, it was noted that the fix required extensive code rewrites, making it a challenging task.
Section 1.2: The Challenge of Implementation
Despite the availability of a patch, only about half of the plugin users have implemented the update. This leaves numerous WordPress sites vulnerable.
If you manage a WordPress site, it's imperative to update this plugin immediately or direct your site administrator to do so without delay.
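To find out which installs still need the update, the following added example (not from the original post or the plugin's code) reads the standard WordPress plugin header from the PHP files under a `wp-content/plugins` directory and reports PHP Everywhere copies at version 2.0.3 or earlier. The header value "PHP Everywhere" and all function names are assumptions, and the sample header is constructed.

```python
import re
from pathlib import Path

LAST_AFFECTED = (2, 0, 3)       # from the page: 2.0.3 and earlier are affected
PLUGIN_NAME = "php everywhere"  # assumed "Plugin Name" header value, lowercased

# WordPress reads plugin metadata from "Key: value" lines in the header
# comment at the top of the plugin's main PHP file.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.*?)\s*$",
                       re.MULTILINE | re.IGNORECASE)

# Constructed sample header, not copied from the real plugin.
SAMPLE = "<?php\n/*\n * Plugin Name: PHP Everywhere\n * Version: 2.0.3\n */\n"

def read_plugin_header(text):
    """Return the first 'plugin name' and 'version' values found in text."""
    header = {}
    for key, value in HEADER_RE.findall(text):
        header.setdefault(key.lower(), value.strip())
    return header

def version_tuple(version):
    """'2.0.3' -> (2, 0, 3): leading dotted digits only, trailing zeros dropped."""
    match = re.match(r"\d+(?:\.\d+)*", version.strip())
    parts = [int(p) for p in match.group().split(".")] if match else []
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def is_affected(version):
    """True when the version parses and is 2.0.3 or earlier."""
    parsed = version_tuple(version)
    return bool(parsed) and parsed <= LAST_AFFECTED

def find_affected(plugins_dir):
    """Return [(main_file, version)] for affected installs under plugins_dir."""
    hits = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        raw = php_file.read_bytes()[:8192]  # headers sit at the top of the file
        header = read_plugin_header(raw.decode("utf-8", "replace"))
        version = header.get("version", "")
        if header.get("plugin name", "").lower() == PLUGIN_NAME and is_affected(version):
            hits.append((str(php_file), version))
    return hits

if __name__ == "__main__":
    sample_version = read_plugin_header(SAMPLE)["version"]
    print(sample_version, "affected" if is_affected(sample_version) else "not affected")
```

Call `find_affected()` with the path to each site's plugins directory; an empty list means no copy at 2.0.3 or earlier was found there.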
Chapter 2: Important Considerations
In the video "How To Fix Your WordPress Site After A Plugin Update Goes Wrong," you will learn effective strategies for addressing issues that may arise following a plugin update.
Additionally, the video "How To Manually Update A WordPress Plugin" provides guidance on how to manually update your plugins to ensure your site remains secure.
Final Thoughts
If your site uses the classic editor, note that you will need to uninstall the PHP Everywhere Plugin. As the classic editor is being phased out, the recent update will not be compatible with it.