ByteOS Network

inpersttion

Source -

ADPCNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-8905

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-6.3||MEDIUM

EPSS-0.25% / 48.39%

7 Day CHG~0.00%

Published-15 Aug, 2025 | 08:25

Updated-15 Aug, 2025 | 16:07

Inpersttion For Theme <= 1.0 - Authenticated (Contributor+) Arbitrary Function Call

The Inpersttion For Theme plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0 via the theme_section_shortcode() function. This is due to the plugin not restricting what functions can be called. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server which is limited to arbitrary functions without any user supplied parameters.

Vendor-inpersttion

Product-Inpersttion For Theme

CWE ID-CWE-94

Improper Control of Generation of Code ('Code Injection')

CVE-2024-27191

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-8.5||HIGH

EPSS-1.01% / 76.17%

7 Day CHG+0.26%

Published-03 Apr, 2024 | 12:04

Updated-19 Aug, 2024 | 19:27

WordPress Slivery Extender plugin <= 1.0.2 - Auth. Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in Inpersttion Slivery Extender allows Code Injection.This issue affects Slivery Extender: from n/a through 1.0.2.

Vendor-Inpersttion inpersttion

Product-Slivery Extender slivery_extender

CWE ID-CWE-94

Improper Control of Generation of Code ('Code Injection')