16 matches found
CVE-2025-60087
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addon allows PHP Local File Inclusion.This issue affects Extensive VC Addons for WPBakery page builder:...
CVE-2025-60087
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addon allows PHP Local File Inclusion.This issue affects Extensive VC Addons for WPBakery page builder:...
CVE-2025-60087 WordPress Extensive VC Addons for WPBakery page builder plugin <= 1.9.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addon allows PHP Local File Inclusion.This issue affects Extensive VC Addons for WPBakery page builder:...
CVE-2025-60087 WordPress Extensive VC Addons for WPBakery page builder plugin <= 1.9.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addon allows PHP Local File Inclusion.This issue affects Extensive VC Addons for WPBakery page builder:...
CVE-2025-60087
The CVE-2025-60087 entry describes a Local File Inclusion in the WordPress plugin Extensive VC Addons for WPBakery page builder (versions up to and including 1.9.1). The root cause is improper control of filename for include/require statements in PHP, enabling LFI via PHP Include/Require operatio...
EUVD-2025-203224
The Extensive VC Addons for WPBakery page builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.1 via the extensivevcgetmoduletemplatepart function. This is due to insufficient path normalization and validation of the user-supplied...
CVE-2025-14475
The Extensive VC Addons for WPBakery page builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.1 via the extensivevcgetmoduletemplatepart function. This is due to insufficient path normalization and validation of the user-supplied...
CVE-2025-14475 Extensive VC Addons for WPBakery page builder <= 1.9.1 - Unauthenticated Local File Inclusion via 'shortcode_name' Parameter
The Extensive VC Addons for WPBakery page builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.1 via the extensivevcgetmoduletemplatepart function. This is due to insufficient path normalization and validation of the user-supplied...
CVE-2025-14475
CVE-2025-14475 — Extensible VC Addons for WPBakery (WordPress) LFI via shortcode_name . The vulnerability affects the Extensible VC Addons for WPBakery Page Builder plugin up to version 1.9.1. The root cause is insufficient path normalization/validation of the user-supplied shortcode_name paramet...
WordPress plugin Extensive VC Addons for WPBakery page builder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress Extensive VC Addons for WPBakery page builder plugin <= 1.9.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Extensive VC Addons for WPBakery page builder versions = 1.9.1...
CVE-2023-0159
The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may ...
CVE-2023-0159
The CVE-2023-0159 entry affects the WordPress plugin Extensive VC Addons for WPBakery page builder (versions prior to 1.9.1). The vulnerability arises from not validating a parameter passed to PHP’s extract function when loading templates, permitting an unauthenticated attacker to override the te...
CVE-2023-0159 Extensive VC Addons for WPBakery page builder < 1.9.1 - Unauthenticated RCE
The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may ...
WordPress plugin Extensive VC Addons for WPBakery page builder 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...
WordPress Extensive VC Addons for WPBakery page builder Plugin < 1.9.1 is vulnerable to Local File Inclusion
Software Extensive VC Addons for WPBakery page builder Type Plugin Vulnerable versions 1.9.1 Fixed in 1.9.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-0159 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID 335c3e6ccfa2 Credits dc11 Required...