216.73.217.80

CVE-2017-20251

· Published 09/06/2026 13:16 · Modified 09/06/2026 13:51

Labels: CVE-2017-20251 2026-06-09CVE-2017-20251CWE-94[email protected]

Essential information

Published
09/06/2026 13:16
Modified
09/06/2026 13:51
Author
Creator
CVSS
9.3 CRITICAL (v3) 9.3 CRITICAL (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious shortcodes through the WordPress REST API. Attackers can send POST requests to the wp-json/wp/v2/posts endpoint with crafted content containing insert_php shortcodes to include and execute remote PHP files on the server.

NVD status

Status
Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
wordpress / insert php cpe:2.3:a:wordpress:insert_php:<3.3.1:*:*:*:*:*:*:*

References