Description
WordPress Plugin PHP Speedy is prone to a vulnerability that lets remote attackers execute arbitrary code because the application fails to sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary PHP code within the context of the affected webserver process. WordPress Plugin PHP Speedy versions 0.5.2 and prior are vulnerable; other versions may also be affected.
Remediation
Edit the source code to ensure that input is properly sanitised and verified or disable the plugin until a fix is available
References
Related Vulnerabilities
WordPress Plugin Markup (JSON-LD) structured in schema.org Cross-Site Scripting (4.8.1)
MyBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9410)
WordPress Plugin MPL-Publisher-Create your Ebook & Audiobook Cross-Site Scripting (1.30.2)
Liferay Portal Missing Authorization Vulnerability (CVE-2023-33948)
Oracle Database Server Improper Input Validation Vulnerability (CVE-2016-2381)