PHP Everywhere flaws threaten thousands of WordPress sites
Researchers found three critical remote code execution (RCE) vulnerabilities in the 'PHP Everywhere' plugin for WordPress, used by over 30,000 websites worldwide.
The three vulnerabilities (CVE-2022-24663, CVE-2022-24664, CVE-2022-24665) were discovered by security analysts at Wordfence. The flaws affect all versions of the WordPress 'PHP Everywhere' plugin up to and including 2.0.3.
The vendor released a security update, 'PHP Everywhere' plugin version 3.0.0, on January 10, 2022.
Source: bleepingcomputer.com
11 February 2022