2 matches found
WordPress Content Blocks (Custom Post Widget) Plugin <= 3.3.0 is vulnerable to Local File Inclusion
Software Content Blocks Custom Post Widget Type Plugin Vulnerable versions = 3.3.0 Fixed in 3.3.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3564 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 7062c181fd50 Credits Krzysztof Zając Required...
CVE-2024-3564
CVE-2024-3564 concerns the WordPress plugin Content Blocks (Custom Post Widget). Public sources confirm a Local File Inclusion vulnerability via the content_block shortcode in all versions up to 3.3.0, exploitable by authenticated attackers with contributor+ privileges to include and execute arbi...