ByteOS Network

metalpriceapi

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

1Vulnerabilities found

CVE-2025-48140

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-9.9||CRITICAL

EPSS-0.29% / 52.42%

7 Day CHG~0.00%

Published-09 Jun, 2025 | 15:53

Updated-28 Apr, 2026 | 16:12

WordPress MetalpriceAPI plugin <= 1.1.4 - Remote Code Execution (RCE) Vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in metalpriceapi MetalpriceAPI metalpriceapi allows Code Injection.This issue affects MetalpriceAPI: from n/a through <= 1.1.4.

Vendor-metalpriceapi

Product-MetalpriceAPI

CWE ID-CWE-94

Improper Control of Generation of Code ('Code Injection')