CVE-2012-10025
The WordPress plugin Advanced Custom Fields ACF version 3.5.1 and below contains a remote file inclusion RFI vulnerability in core/actions/export.php. When the PHP configuration directive allowurlinclude is enabled default: Off, an unauthenticated attacker can exploit the acfabspath POST paramete...