9 matches found
WordPress Cost Calculator plugin path traversal vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. It supports setting up personal blog sites on servers running PHP and MySQL. A path traversal vulnerability exists in WordPress Cost Calculator plugin version 1.4 and earlier, which arise...
CVE-2021-24820
The Cost Calculator WordPress plugin through 1.6 allows authenticated users (Contributor+ in versions < 1.5, and Admin+ in versions <= 1.6) to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post's Layout...
Path traversal
The Cost Calculator WordPress plugin through 1.6 allows authenticated users (Contributor+ in versions < 1.5, and Admin+ in versions <= 1.6) to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post's Layout...
CVE-2021-24820 Cost Calculator <= 1.6 - Authenticated Local File Inclusion
The Cost Calculator WordPress plugin through 1.6 allows authenticated users (Contributor+ in versions < 1.5, and Admin+ in versions <= 1.6) to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post's Layout...
Cost Calculator <= 1.8 - Authenticated Local File Inclusion
The plugin allows authenticated users (Contributor+ in versions < 1.5, and Admin+ in versions <= 1.8) to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post's Layout. PoC: As a contributor, create a Cost Calculator post, set the Layout to...
Cost Calculator <= 1.4 - Contributor+ Local File Inclusion
The plugin allows users with a role as low as Contributor to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post's Layout. PoC: As a contributor, create a Cost Calculator post, set the Layout to /../../../../../../../../../../file assuming the fil...
YITH WooCommerce Product Add-Ons < 2.1.0 - Authenticated Local File Inclusion
The plugin does not validate user input before using it to generate a local path passed to include, which could lead to a Local File Inclusion issue on Windows Web Servers. PoC: https://example.com/wp-admin/admin.php?page=yithwapopanel=blocksid=1id=1type=html%2F..%2Fhello...
CactuShop - User Invoices Persistent XSS Vulnerability
No description provided by source. User Invoices Persistent XSS Vulnerability in CactuShop 1. Advisory Information Title: User Invoices Persistent XSS Vulnerability in CactuShop Advisory Id: CORE-2010-0406 Advisory URL: http://www.coresecurity.com/content/cactushop-xss-persistent-vulnerability Da...
Multiple Web Server on Windows MS/DOS Device Request Remote DOS
It was possible to freeze or reboot Windows by reading an MS/DOS device through HTTP, using a file name like CON\CON, AUX.htm, or AUX. An attacker could exploit this flaw to deny service to the affected system. (C) Tenable Network Security, Inc. Script audit and contributions from Carmichael Securit...