Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/06/15 12:0 p.m.31 views

CVE-2016-20080 WordPress Brandfolder Plugin 3.0 Local File Inclusion via callback.php

WordPress Brandfolder plugin version 3.0 and earlier contains a local file inclusion vulnerability in callback.php that allows unauthenticated attackers to include arbitrary files by manipulating the wpabspath parameter. Attackers can supply path traversal sequences or remote URLs through the...

6.9CVSS0.0039EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/17 12:11 p.m.6 views

CVE-2018-25324

Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting null bytes into the wpabspath parameter on PHP versions before 5.3.4. Attackers can supply malicious wpabspath values to...

6.9CVSS6.5AI score0.00533EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/17 12:11 p.m.7 views

CVE-2018-25324 Simple Fields 0.2-0.3.5 Local File Inclusion via wp_abspath

Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting null bytes into the wpabspath parameter on PHP versions before 5.3.4. Attackers can supply malicious wpabspath values to...

6.9CVSS6.5AI score0.00533EPSS
Exploits0References4
CVE
CVE
added 2026/05/17 12:11 p.m.18 views

CVE-2018-25324

The CVE-2018-25324 entry concerns the WordPress plugin Simple Fields versions 0.2–0.3.5, which contains a local file inclusion (LFI) flaw via the wp_abspath parameter. Unauthenticated attackers can read arbitrary files (e.g., /etc/passwd) by injecting null bytes into wp_abspath on PHP versions be...

6.9CVSS6.5AI score0.00533EPSS
Exploits0References4
Rows per page
Query Builder