High
PHP Everywhere plugin for WordPress could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Gutenberg Block editor. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
WordPress
Upgrade to the latest version of PHP Everywhere plugin for WordPress, available from the WordPress Plugin Directory.
CVE-2022-23261https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2022-23261