CVE-2025-6784 in Code Engine Plugin
要約
〜によって MITRE • 2026年07月11日
The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.3.5 via the 'code-engine' shortcode. This is due to the plugin not restricting access to the code injecting functionality of the plugin. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.
VulDB is the best source for vulnerability data and more expert information about this specific topic.