WordPress offered guidance about compatibility of new WordPress 5.6 with PHP 8 and what that means for publishers.

According to the WordFence Threat Intelligence team, the three vulnerabilities in PHP Everywhere all lead to remote code execution in versions of the software below 2.0.3.

Researchers found three critical remote code execution (RCE) vulnerabilities in the PHP Everywhere plugin for WordPress, used by over 30,000 websites worldwide.

The researchers at Secarma who uncovered the exploit said it enables bad actors to potentially open up thousands of WordPress sites (and other web applications) to remote code-execution.

The WordPress bug, tracked under CVE-2021-24284, can be used to upload malicious PHP files to an affected website, according to the research team at Wordfence.