4 matches found
CVE-2023-6295
The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites...
CVE-2023-6295 so-widgets-bundle < 1.51.0 - Admin+ Local File Inclusion
The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites...
CVE-2023-6295
CVE-2023-6295 affects the SiteOrigin Widgets Bundle on WordPress, specifically versions
WordPress SiteOrigin Widgets Bundle Plugin <= 1.50.1 is vulnerable to Local File Inclusion
Software SiteOrigin Widgets Bundle Type Plugin Vulnerable versions = 1.50.1 Fixed in 1.51.0 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-6295 Patch priority Low CVSS severity Low 7.4 Developer Claim ownership PSID d65c4e36bd60 Credits Sebastian Neef Required privile...