2 matches found
CVE-2021-24825
The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ v 4.0.1 or Admin+ v 4.0.2 users to display arbitrary files from the filesystem such as logs, .htaccess etc, as well as perform Local File Inclusion...
Design/Logic Flaw
The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ v 4.0.1 or Admin+ v 4.0.2 users to display arbitrary files from the filesystem such as logs, .htaccess etc, as well as perform Local File Inclusion...