EUVD-2018-21844

Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting null bytes into the wpabspath parameter on PHP versions before 5.3.4. Attackers can supply malicious wpabspath values to...

EUVD-2009-0467

Malware in sbrugna...

WordPress plugin Advanced Custom Fields 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

CVE-2024-4936

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required allowurlinclude to be...

CVE-2024-4936

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required allowurlinclude to be...

PT-2024-33483 · WordPress · Canto

Name of the Vulnerable Software and Affected Versions: Canto plugin for WordPress versions up to, and including, 3.0.8 Description: The issue allows unauthenticated attackers to include remote files on the server, resulting in code execution. This is achieved via the abspath parameter and require...

Canto <= 3.0.8 - Unauthenticated Remote File Inclusion

Description The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required...

WordPress plugin Canto security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

CVE-2015-8351

PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allowurlinclude is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be...

Gwolle Guestbook WordPress Plugin Remote File Inclusion Vulnerability

Gwolle Guestbook WordPress is a visiting message board plugin for WordPress sites. Gwolle Guestbook WordPress 1.5.3 and earlier versions do not effectively filter the value of the "abspath" HTTP GET parameter, used in the PHP require function, which allows remote attackers to include a file named...

CVE-2012-1205

PHP remote file inclusion vulnerability in relocate-upload.php in Relocate Upload plugin before 0.20 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter...

CVE-2012-1205

CVE-2012-1205 affects WordPress Relocate Upload plugin before 0.20. It is a PHP Remote File Inclusion via abspath in relocate-upload.php, allowing an attacker to execute arbitrary PHP code remotely. Affected component is the Relocate Upload plugin’s relocate-upload.php; root cause is improper han...

CVE-2010-5038

PHP remote file inclusion vulnerability in contact/contact.php in Groone's Simple Contact Form allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter...