
22 matches found

EUVD
added 2026/05/17 12:11 p.m. · 6 views

EUVD-2018-21844

Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting null bytes into the wp_abspath parameter on PHP versions before 5.3.4. Attackers can supply malicious wp_abspath values to...

CVSS 6.9 · AI score 6.5 · EPSS 0.00009
Exploits: 0 · References: 4

Positive Technologies
added 2026/05/17 12:00 a.m. · 5 views

PT-2026-41550

Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting null bytes into the wp_abspath parameter on PHP versions before 5.3.4. Attackers can supply malicious wp_abspath values to simp...

CVSS 6.9 · AI score 6.5 · EPSS 0.00009
Exploits: 0 · References: 5

EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2009-0467

Malware in sbrugna...

CVSS 6.8 · AI score 6.4 · EPSS 0.0373
Exploits: 1 · References: 4

CNNVD
added 2025/08/05 12:00 a.m. · 1 views

WordPress plugin Advanced Custom Fields security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...

CVSS 10 · AI score 6.7 · EPSS 0.6399
Exploits: 0 · References: 10

OSV
added 2024/06/14 5:15 a.m. · 0 views

CVE-2024-4936

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required allow_url_include to be...

CVSS 9.8 · AI score 5.7
Exploits: 0 · References: 2

NVD
added 2024/06/14 5:15 a.m. · 23 views

CVE-2024-4936

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required allow_url_include to be...

CVSS 9.8 · EPSS 0.11706
Exploits: 0 · References: 3

Positive Technologies
added 2024/06/14 12:00 a.m. · 1 views

PT-2024-33483 · WordPress · Canto

Name of the Vulnerable Software and Affected Versions: Canto plugin for WordPress versions up to, and including, 3.0.8 Description: The issue allows unauthenticated attackers to include remote files on the server, resulting in code execution. This is achieved via the abspath parameter and require...

CVSS 9.8 · AI score 7.8 · EPSS 0.11706
Exploits: 0 · References: 6

WPVulnDB
added 2024/06/13 12:00 a.m. · 14 views

Canto <= 3.0.8 - Unauthenticated Remote File Inclusion

Description The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required...

CVSS 9.8 · AI score 7.4 · EPSS 0.11706
Exploits: 0 · References: 1

VulnCheck KEV
added 2024/01/22 12:00 a.m. · 1 views

VulnCheck KEV: CVE-2015-8351

PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be...

CVSS 9 · AI score 7.6 · EPSS 0.69448
Exploits: 4 · References: 1

CNNVD
added 2023/08/12 12:00 a.m. · 8 views

WordPress plugin Canto security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 9.8 · AI score 6.9 · EPSS 0.87115
Exploits: 7 · References: 4

Positive Technologies
added 2023/08/11 12:00 a.m. · 9 views

PT-2023-24910

Name of the Vulnerable Software and Affected Versions: Canto plugin for WordPress versions up to, and including, 3.0.4 Description: The Canto plugin for WordPress is vulnerable to Remote File Inclusion via the wp_abspath parameter. This allows unauthenticated attackers to include and execute...

CVSS 9.8 · AI score 9.4 · EPSS 0.87115
Exploits: 7 · References: 16

SUSE CVE
added 2023/02/15 3:55 a.m. · 1 views

SUSE CVE-2020-20277

There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server versions 2.7 to 2.10 due to improper implementation of a chroot jail in common.c's compose_abspath function that can be abused to read or write to arbitrary files on the filesystem,...

CVSS 9.8 · AI score 9.9 · EPSS 0.40518
Exploits: 4 · References: 3

Cvelist
added 2017/09/11 8:00 p.m. · 18 views

CVE-2015-8351

PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be...

AI score 9 · EPSS 0.69448
Exploits: 4 · References: 5

CNVD
added 2015/12/01 12:00 a.m. · 3 views

Gwolle Guestbook WordPress Plugin Remote File Inclusion Vulnerability

Gwolle Guestbook WordPress is a visiting message board plugin for WordPress sites. Gwolle Guestbook WordPress 1.5.3 and earlier versions do not effectively filter the value of the "abspath" HTTP GET parameter, used in the PHP require function, which allows remote attackers to include a file named...

CVSS 9 · AI score 6.9 · EPSS 0.69448
Exploits: 4 · References: 1

seebug.org
added 2014/07/01 12:00 a.m. · 23 views

Wordpress Mini Mail Dashboard Widget Plugin 1.36 Remote File Inclusion

No description provided by source. Exploit Title: Mini Mail Dashboard Widget Wordpress plugin RFI Google Dork: inurl:wp-content/plugins/mini-mail-dashboard-widget Date: 09/19/2011 Author: Ben Schmidt supernothing AT spareclockcycles.org @supernothing Software Link:...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. · 15 views

Wordpress Relocate Upload Plugin 0.14 Remote File Inclusion

On line 16 of relocate-upload.php, the passed-in abspath is not filtered, which leads to arbitrary local and remote file inclusion: if isset$GET'rufolder' // WP setup and function access define'WPUSETHEMES', false; requireonceurldecode$GET'abspath'.'/wp-load.php'; // save us looking for it, it's passed as a GET parameterarameter...

AI score 7
Exploits: 0

NVD
added 2012/02/24 1:55 p.m. · 8 views

CVE-2012-1205

PHP remote file inclusion vulnerability in relocate-upload.php in Relocate Upload plugin before 0.20 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter...

CVSS 7.5 · AI score 7.6 · EPSS 0.01649
Exploits: 3 · References: 5

CVE
added 2012/02/20 7:00 p.m. · 46 views

CVE-2012-1205

CVE-2012-1205 affects WordPress Relocate Upload plugin before 0.20. It is a PHP Remote File Inclusion via abspath in relocate-upload.php, allowing an attacker to execute arbitrary PHP code remotely. Affected component is the Relocate Upload plugin’s relocate-upload.php; root cause is improper han...

CVSS 7.5 · AI score 7.8 · EPSS 0.01649
Exploits: 3 · References: 5 · Affected Software: 1

ATTACKERKB
added 2011/11/02 9:55 p.m. · 0 views

CVE-2010-5038

PHP remote file inclusion vulnerability in contact/contact.php in Groone's Simple Contact Form allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter...

CVSS 7.5 · AI score 6.2 · EPSS 0.00629
Exploits: 1 · References: 5

exploitpack
added 2011/08/18 12:00 a.m. · 10 views

WordPress Plugin Allow PHP in Posts and Pages 2.0.0.RC1 - SQL Injection

WordPress Plugin Allow PHP in Posts and Pages 2.0.0.RC1 - SQL Injection Exploit Title: WordPress Allow PHP in Posts and Pages plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0 --------------- Vulnerable code --------------- if!isset$POST'allowPHPNonce' if !wpverifynonce...

AI score 0.4
Exploits: 0