CYBERHAWK / CVE / CVE-2017-20251

CVE-2017-20251

CRITICAL CVSS 9.8 other

The flaw

WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious shortcodes through the WordPress REST API. Attackers can

What to do

Review advisory and patch per vendor guidance.

▸ Scan my repo for CVE-2017-20251

References

NVD CISA KEV OSV GitHub Advisory MITRE News search

First seen 2026-06-12 · Tracked by PickBits CyberHawk · Weekly CVE digest

← All CVEs RSS Scheduled audits