Vulnerabilities

CVE-2026-3352 - Easy PHP Settings <= 1.0.4 - authenticated (administrator+) php code injection vi...

2026-03-07 0 views admin
CVE-2026-3352 - Easy PHP Settings <= 1.0.4 - authenticated (administrator+) php code injection vi...

CVE ID :CVE-2026-3352 Published : March 7, 2026, 2:16 a.m. | 1 hour, 10 minutes ago Description :The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0.4 via the `update_wp_memory_constants()` method. This is due to insufficient input validation on the `wp_memory_limit` and `wp_max_memory_limit` settings before writing them to `wp-config.php`. The `sanitize_text_field()` function used for sanitization does not filter single quotes, allowing an attacker to break out of the string context in a PHP `define()` statement. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject and execute arbitrary PHP code on the server by modifying `wp-config.php`, which is loaded on every page request. Severity: 7.2 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

Severity
HIGH
Published
March 7, 2026
Affected Product: PHP

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-3352highphp

More from Vulnerabilities

CVE-2025-14353 - ZIP Code Based Content Protection <= 1.0.2 - unauthenticated sql injection via '...

CVE-2025-14353 - ZIP Code Based Content Protection <= 1.0.2 - unauthenticated sql injection via '...

2026-03-07 0
CVE-2026-1902 - Hammas Calendar <= 1.5.11 - authenticated (contributor+) stored cross-site script...

CVE-2026-1902 - Hammas Calendar <= 1.5.11 - authenticated (contributor+) stored cross-site script...

2026-03-07 0
CVE-2026-1650 - MDJM Event Management <= 1.7.8.1 - missing authorization to unauthenticated arbit...

CVE-2026-1650 - MDJM Event Management <= 1.7.8.1 - missing authorization to unauthenticated arbit...

2026-03-07 0
CVE-2026-2494 - ProfileGrid <= 5.9.8.2 - cross-site request forgery to group membership request a...

CVE-2026-2494 - ProfileGrid <= 5.9.8.2 - cross-site request forgery to group membership request a...

2026-03-07 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views