February 10, 2022
Severity
High
Analysis Summary
CVE-2022-24665; CVE-2022-24664; CVE-2022-24663
The PHP Everywhere plugin for WordPress could allow a remote authenticated attacker to execute arbitrary code on the system because of a flaw in the Gutenberg Block editor. An attacker could exploit this vulnerability by sending a specially crafted request.
Impact
- Code Execution
Indicators of Compromise
CVE
- CVE-2022-24665
- CVE-2022-24664
- CVE-2022-24663
Affected Vendors
WordPress
Affected Products
- WordPress PHP Everywhere plugin for WordPress 2.0.2
- WordPress PHP Everywhere plugin for WordPress 2.0.1
- WordPress PHP Everywhere plugin for WordPress 2.0.3
Remediation
Upgrade to the latest version of PHP Everywhere plugin for WordPress, available from the WordPress Plugin Directory.
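To find installations that still need the upgrade, the following added example (not part of the original advisory or the plugin's code) scans a WordPress plugins directory and reports PHP Everywhere copies at the affected versions listed above. It assumes the plugin identifies itself with a "Plugin Name: PHP Everywhere" header; the sample tree and the version 9.9.9 are constructed placeholders.

```python
import re
import sys
import tempfile
from pathlib import Path

AFFECTED_VERSIONS = {"2.0.1", "2.0.2", "2.0.3"}  # versions listed in this advisory
PLUGIN_NAME = "php everywhere"  # assumption: value of the "Plugin Name" header
# WordPress reads "Field: value" lines from a comment at the top of the main file.
HEADER_RE = re.compile(
    r"^[ \t/*#@]*(Plugin Name|Version)[ \t]*:[ \t]*(.+?)[ \t\r]*$", re.I | re.M)

def read_plugin_header(php_file):
    """Return lower-cased header fields found in the first 8 KiB of a PHP file."""
    head = Path(php_file).read_bytes()[:8192].decode("utf-8", errors="replace")
    fields = {}
    for key, value in HEADER_RE.findall(head):
        fields.setdefault(key.lower(), value.strip(" \t*/"))
    return fields

def find_affected(plugins_dir):
    """List (relative path, version) for PHP Everywhere copies that need upgrading."""
    root = Path(plugins_dir)
    hits = []
    # Main plugin files sit in the plugins directory or one level below it.
    for php_file in sorted([*root.glob("*.php"), *root.glob("*/*.php")]):
        header = read_plugin_header(php_file)
        if header.get("plugin name", "").lower() != PLUGIN_NAME:
            continue
        version = header.get("version", "unknown")
        # A copy with no readable version is reported for manual review.
        if version in AFFECTED_VERSIONS or version == "unknown":
            hits.append((php_file.relative_to(root).as_posix(), version))
    return hits

def build_sample_tree(root):
    """Constructed sample data: three fake plugin folders with header comments."""
    samples = {"pe-old": ("PHP Everywhere", "2.0.3"), "pe-new": ("PHP Everywhere", "9.9.9"),
               "other": ("Some Other Plugin", "2.0.3")}
    for folder, (name, version) in samples.items():
        (Path(root) / folder).mkdir()
        (Path(root) / folder / "main.php").write_text(
            f"<?php\n/**\n * Plugin Name: {name}\n * Version: {version}\n */\n")

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a wp-content/plugins directory
        print(find_affected(sys.argv[1]))
    else:  # no argument: run against the constructed sample tree
        with tempfile.TemporaryDirectory() as tmp:
            build_sample_tree(tmp)
            print(find_affected(tmp))
```

Run it with the path to a site's wp-content/plugins directory as the only argument; an empty list means no affected copy was found under that path.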