Product
The Code Engine plugin for WordPress, in versions up to and including 0.3.5, is vulnerable to Remote Code Execution (RCE) via its 'code-engine' shortcode, allowing authenticated attackers with Contributor-level access or above to execute arbitrary code on the server.