CVE-2012-10025 WordPress Plugin Advanced Custom Fields <= 3.5.1 Remote File Inclusion
The WordPress plugin Advanced Custom Fields ACF version 3.5.1 and below contains a remote file inclusion RFI vulnerability in core/actions/export.php. When the PHP configuration directive allowurlinclude is enabled default: Off, an unauthenticated attacker can exploit the acfabspath POST paramete...