3 matches found
CVE-2023-2435 Blog-in-Blog <= 2.0.0 - Authenticated (Editor+) Local File Inclusion via Shortcode
The Blog-in-Blog plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.0 via a shortcode attribute. This allows editor-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files...
CVE-2023-2435
CVE-2023-2435 affects the Blog-in-Blog WordPress plugin, with Local File Inclusion via a shortcode attribute in versions up to 1.1.1. The issue allows editor-level+ attackers to include and execute arbitrary PHP files on the server, potentially bypassing access controls and leading to code execut...
WordPress Blog-in-Blog Plugin <= 1.1.1 is vulnerable to Local File Inclusion
Software Blog-in-Blog Type Plugin Vulnerable versions = 1.1.1 Fixed in N/A OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-2435 Patch priority Medium CVSS severity Medium 6 Developer Claim ownership PSID d20c4a81f261 Credits Lana Codes Required privilege Editor Publish...