Platform: wordpress
Component: code-engine
Fixed in: 0.3.4
CVE-2025-48169 describes a Remote Code Execution (RCE) vulnerability within the Jordy Meow Code Engine. This flaw allows attackers to achieve Remote Code Inclusion, granting them the ability to execute arbitrary code on affected systems. The vulnerability impacts versions 0.0.0 through 0.3.3 of Code Engine, and a fix is available in version 0.3.4.
The impact of this RCE vulnerability is severe. Successful exploitation allows an attacker to inject and execute arbitrary code within the Code Engine environment. This could lead to complete system compromise, including data exfiltration, malware installation, and persistent backdoor access. Given the nature of Remote Code Inclusion, the attacker effectively gains control over the server hosting the WordPress site where Code Engine is installed. This vulnerability shares similarities with other code injection flaws where attackers leverage vulnerabilities to execute malicious scripts.
CVE-2025-48169 was published on 2025-08-20. The vulnerability's severity is considered CRITICAL due to the ease of exploitation and potential impact. No public proof-of-concept (PoC) code is currently known, but the nature of the vulnerability suggests it could be readily exploited. Active campaigns targeting this vulnerability are not yet confirmed, but the high CVSS score warrants close monitoring.
WordPress websites utilizing the Jordy Meow Code Engine plugin, particularly those running versions 0.0.0 through 0.3.3, are at significant risk. Shared hosting environments where users have limited control over plugin configurations are especially vulnerable, as are sites with outdated or unpatched WordPress installations.
• wordpress / composer / npm:
    grep -rF "include(\$_GET['code']);" /var/www/html/wp-content/plugins/code-engine/*
• generic web:
    curl -I "https://your-wordpress-site.com/wp-content/plugins/code-engine/?code=system('id')"
• wordpress / composer / npm:
    wp plugin list --status=inactive
• wordpress / composer / npm:
    wp plugin update code-engine
Exploit status
EPSS: 0.06% (19th percentile)
The primary mitigation is to immediately upgrade Jordy Meow Code Engine to version 0.3.4 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider implementing temporary workarounds. These might include restricting file upload permissions within the Code Engine directory, implementing strict input validation to prevent malicious code injection, and utilizing a Web Application Firewall (WAF) to filter potentially harmful requests. Regularly monitor Code Engine logs for any suspicious activity. After upgrading, confirm the fix by attempting to trigger the vulnerability and verifying that the code execution is blocked.
Update the Code Engine plugin to the latest available version to mitigate the remote code execution vulnerability. Check the plugin page on WordPress.org for the most recent version and the update instructions. Consider disabling or removing the plugin if it is not essential to your website.
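One way to check a server for affected installs, as an added example that is not part of the advisory or the plugin's own code: the script reads the plugin header version under wp-content/plugins/code-engine and compares it with the fixed release 0.3.4. The function names and the default wp-content/plugins layout are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether a WordPress tree
# carries a Code Engine build older than the fixed release named on this page.
FIXED_VERSION="0.3.4"

# Extract the "Version:" plugin-header value from PHP file $1.
# Header lines may be prefixed by spaces, "*", "/", "#" or "@".
plugin_header_version() {
    sed -n 's|^[[:space:]/*#@]*Version:[[:space:]]*\([^[:space:]]*\).*$|\1|p' "$1" |
        head -n 1
}

# Succeed when dotted numeric version $1 is strictly lower than $2.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Print "absent", "unknown", "vulnerable <ver>" or "patched <ver>" for the
# WordPress root $1. Assumes the default wp-content/plugins layout.
check_code_engine() {
    dir="$1/wp-content/plugins/code-engine"
    ver=""
    [ -d "$dir" ] || { echo "absent"; return 0; }
    # The main plugin file is whichever top-level .php has a "Plugin Name:" header.
    for f in "$dir"/*.php; do
        [ -f "$f" ] || continue
        grep -q 'Plugin Name:' "$f" || continue
        ver="$(plugin_header_version "$f")"
        if [ -n "$ver" ]; then break; fi
    done
    if [ -z "$ver" ]; then echo "unknown"; return 2; fi
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo "vulnerable $ver"; return 1
    fi
    echo "patched $ver"
}

# Usage: sh check.sh /var/www/html [/srv/other-site ...]
for root in "$@"; do
    printf '%s: %s\n' "$root" "$(check_code_engine "$root")"
done
```

An "unknown" result means the plugin directory exists but no header version could be read, which is worth a manual look rather than being treated as patched.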
CVE-2025-48169 is a critical Remote Code Execution vulnerability in Jordy Meow Code Engine affecting versions 0.0.0 through 0.3.3, allowing attackers to execute arbitrary code.
You are affected if you are using Jordy Meow Code Engine versions 0.0.0 to 0.3.3. Check your plugin version and upgrade immediately.
Upgrade Jordy Meow Code Engine to version 0.3.4 or later. If immediate upgrade is not possible, implement temporary workarounds like restricting file uploads and using a WAF.
Active exploitation is not yet confirmed, but the high CVSS score warrants close monitoring and proactive mitigation.
Refer to the Jordy Meow Code Engine project's official website or repository for the latest security advisories and updates.