CNVD (China National Vulnerability Database): CNVD-2023-06537
History: Mar 09, 2022 - 12:00 a.m.

WordPress plugin Custom Content Shortcode access control error vulnerability

2022-03-09 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
8
wordpress
plugin
custom content shortcode
access control
vulnerability
php
data validation
admin
contributor
local file inclusion

EPSS: 0.001 (Percentile: 23.0%)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. Custom Content Shortcode is a WordPress plugin. Versions of the Custom Content Shortcode plugin prior to 4.0.2 are vulnerable to an access control error, which stems from the plugin's failure to validate data passed to it to load the shortcode. Exploiting this vulnerability allows Contributor (v<4.0.1) or Admin (v<4.0.2) users to display arbitrary files (e.g. logs, .htaccess, etc.) on the file system and to perform local file inclusion attacks when PHP files are executed.
