Critical security flaws have been discovered in the PHP Everywhere WordPress plugin, which is used by over 30,000 websites worldwide and could be exploited by an intruder to execute malicious script on infected devices.
PHP Everywhere enables users to insert and execute PHP-based code in the content management system’s Pages, Posts, and Sidebar by turning on PHP code across WordPress facilities.