
Rewterz Threat Advisory – Multiple PHP Everywhere plugin for WordPress Vulnerabilities

Severity

High

Analysis Summary

CVE-2022-24665; CVE-2022-24664; CVE-2022-24663

The PHP Everywhere plugin for WordPress could allow a remote authenticated attacker to execute arbitrary code on the system because of a flaw in the Gutenberg Block editor. An attacker could exploit this vulnerability by sending a specially crafted request.

Impact

  • Code Execution

Indicators of Compromise

CVE

  • CVE-2022-24665
  • CVE-2022-24664
  • CVE-2022-24663

Affected Vendors

WordPress

Affected Products

  • WordPress PHP Everywhere plugin for WordPress 2.0.2
  • WordPress PHP Everywhere plugin for WordPress 2.0.1
  • WordPress PHP Everywhere plugin for WordPress 2.0.3

Remediation

Upgrade to the latest version of PHP Everywhere plugin for WordPress, available from the WordPress Plugin Directory.
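To find installs that still need the upgrade, the following added example (not code from Rewterz or from the plugin's authors) walks a WordPress plugins directory, reads each plugin's header comment, and reports copies of PHP Everywhere at a version listed under Affected Products. It assumes the plugin's main file declares `Plugin Name: PHP Everywhere` in its header; the sample tree in `demo()` is constructed, and `9.9.9` is a placeholder version.

```python
import re
import tempfile
from pathlib import Path

# Versions this advisory lists under "Affected Products".
AFFECTED = {"2.0.1", "2.0.2", "2.0.3"}
PLUGIN_NAME = "php everywhere"  # assumed value of the "Plugin Name" header
HEADER_BYTES = 8192  # WordPress reads plugin headers from the first 8 KB


def read_header(php_file, field):
    """Return a WordPress plugin header field (e.g. 'Version'), or None."""
    head = php_file.read_bytes()[:HEADER_BYTES].decode("utf-8", "replace")
    pattern = r"^[ \t/*#@]*" + re.escape(field) + r":(.*)$"
    m = re.search(pattern, head, re.I | re.M)
    return m.group(1).strip(" \t*/\r") if m else None


def find_affected(plugins_dir):
    """Return (path, version) for PHP Everywhere installs at a listed version."""
    hits = []
    # Plugin main files sit one level below wp-content/plugins/.
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        name = read_header(php_file, "Plugin Name")
        if not name or name.lower() != PLUGIN_NAME:
            continue
        version = read_header(php_file, "Version")
        if version in AFFECTED:
            hits.append((str(php_file), version))
    return hits


def demo():
    """Scan a constructed tree: one listed version, one placeholder version."""
    with tempfile.TemporaryDirectory() as root:
        for slug, version in (("copy-a", "2.0.2"), ("copy-b", "9.9.9")):
            plugin_dir = Path(root, slug)
            plugin_dir.mkdir()
            (plugin_dir / "main.php").write_text(
                f"<?php\n/**\n * Plugin Name: PHP Everywhere\n * Version: {version}\n */\n"
            )
        return [version for _, version in find_affected(root)]


if __name__ == "__main__":
    print(demo())
```

On a real host, call `find_affected()` with the site's `wp-content/plugins` path; an empty result only means none of the three listed versions was found.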
