AI description
CVE-2025-6784 is a Remote Code Execution (RCE) vulnerability found in the Code Engine plugin for WordPress, affecting all versions up to and including 0.3.5. The flaw arises because the plugin fails to restrict access to its code injecting functionality, which is accessible via the 'code-engine' shortcode. This vulnerability allows authenticated attackers, specifically those with Contributor-level access or higher, to execute arbitrary code on the server hosting the WordPress site. The underlying weakness is categorized as CWE-77, indicating an improper neutralization of special elements used in a command.
- Description
- The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.3.5 via the 'code-engine' shortcode. This is due to the plugin not restricting access to the code injecting functionality of the plugin. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.
- Source
- security@wordfence.com
- NVD status
- Received
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security@wordfence.com
- CWE-77
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
2
WordPress Code Engine plugin vulnerable to RCE (CVE-2025-6784, CVSS 8.8). Update immediately if used. https://t.co/6SCqAdwgkB https://t.co/JWMuOSp6gb via NVD Recent High CVSS #CyberSecurity #InfoSec #Vulnerability #AI #MachineLearning https://t.co/2bNT0qaFi8
@ADKCyber
11 Jul 2026
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨*CVE* CVE-2025-6784 The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.3.5 via the 'code-engine' shortcode. This is due to … https://t.co/8vJTmJX942 ----- Traducción: CVE-2025-6784 El … https://t.co/utmtNg
@infoflowcloud
11 Jul 2026
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-6784 The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.3.5 via the 'code-engine' shortcode. This is due to … https://t.co/PIqailT5gS
@CVEnew
11 Jul 2026
580 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes