Critical remote code execution (RCE) vulnerabilities in a popular WordPress plugin have been made public. The RCE bugs impact PHP Everywhere, a utility for web developers to be able to use PHP code in pages, posts, the sidebar, or anywhere with a Gutenberg block – editor blocks in WordPress – on domains using the content management system (CMS).
Read full article on ZDNet