Stats Digest Feeds
โ† Back to all CVEs

CVE-2025-6784

HIGH NVD
CVSS Score 8.8
Severity HIGH
Published Jul 11, 2026
Vendor unknown

Description

The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.3.5 via the 'code-engine' shortcode. This is due to the plugin not restricting access to the code injecting functionality of the plugin. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.

References