CVE-2021-24447
The CVE covers the WordPress plugin WP Image Zoom, vulnerable before version 1.47. The root cause is lack of validation of the tab parameter used in include_once(), leading to a Local File Inclusion in the admin dashboard. Public sources consistently describe a local file inclusion vulnerability,...