Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Primary

Context

Sneeit Framework Remote Code Execution Vulnerability

Vulnerability

Exploited

A remote code execution vulnerability exists in the Sneeit Framework plugin for WordPress, affecting all versions through 8.3. The issue arises in the sneeit_articles_pagination_callback() function, which improperly handles user input by passing it through call_user_func(). This flaw allows unauthenticated attackers to execute arbitrary code on the server, potentially leading to the injection of backdoors or the creation of new administrative user accounts.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where the WordPress site is hosted.

Remediation

Users are advised to update the Sneeit Framework plugin to version 8.4 or a newer patched version.

Added: Nov 25, 2025, 3:18 AM

Updated: Nov 25, 2025, 3:18 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

9.1

remediation

7.7

relevance

1.1

threat

8.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

9.1

remediation

7.7

relevance

1.1

threat

8.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Actively Exploited in the Wild

Sneeit Framework Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating