The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.3.5 via the 'code-engine' shortcode. This is due to the plugin not restricting access to the code injecting functionality of the plugin. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.

Project Subscriptions

Vendors Products
Tigroumeow Subscribe
Code Engine – Php Snippets, Ai Functions & Automation For Wordpress Subscribe
Wordpress Subscribe
Wordpress Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 13 Jul 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 13 Jul 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Tigroumeow
Tigroumeow code Engine – Php Snippets, Ai Functions & Automation For Wordpress
Wordpress
Wordpress wordpress
Vendors & Products Tigroumeow
Tigroumeow code Engine – Php Snippets, Ai Functions & Automation For Wordpress
Wordpress
Wordpress wordpress

Sat, 11 Jul 2026 06:30:00 +0000

Type Values Removed Values Added
Description The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.3.5 via the 'code-engine' shortcode. This is due to the plugin not restricting access to the code injecting functionality of the plugin. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.
Title Code Engine <= 0.3.5 - Authenticated (Contributor+) Remote Code Execution
Weaknesses CWE-77
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-07-13T14:28:15.594Z

Reserved: 2025-06-27T12:28:50.508Z

Link: CVE-2025-6784

cve-icon Vulnrichment

Updated: 2026-07-13T14:28:08.749Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-13T14:39:48Z

Weaknesses