4 matches found
CVE-2023-1273
The ND Shortcodes WordPress plugin before 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks...
CVE-2023-1273
The ND Shortcodes WordPress plugin before 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks...
CVE-2023-1273
CVE-2023-1273 affects the WordPress plugin ND Shortcodes (before 7.0). The issue is that some shortcode attributes used to generate include paths are not validated, allowing an authenticated user (e.g., a subscriber) to perform a Local File Inclusion (LFI) attack by manipulating the path. Public ...
WordPress ND Shortcodes For Visual Composer Plugin < 7.0 is vulnerable to Local File Inclusion
Software ND Shortcodes For Visual Composer Type Plugin Vulnerable versions 7.0 Fixed in 7.0 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-1273 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 0d5d6aec821b Credits Erwan LR WPScan Required...