WPEX-ID:FB9DBCDF-4FFD-484D-9B67-283683D050FD

WP Image Zoom < 1.47 - Local File Inclusion

2021-06-23 00:00:00
apple502j
441

The plugin did not validate its tab parameter before using it in the include_once() function, leading to a local file inclusion issue in the admin dashboard.

PoC: https://example.com/wp-admin/admin.php?page=zoooom_settings&tab=whatever

This URL shows an include_once error, which indicates that the parameter is not sanitized.
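
One way to validate a tab parameter before it reaches include_once(), as an added example that is not the plugin's own code or its actual fix. The function name, tab slugs, file names and templates directory are all hypothetical.

```php
<?php
// Hypothetical names throughout: the tab slugs, file names and directory
// layout are assumptions, not taken from WP Image Zoom.

/**
 * Resolve a requested settings tab to a template file.
 * Returns the absolute path, or null if the value is not an allowed tab.
 */
function example_resolve_tab_template($requested, $template_dir)
{
    // Allowlist: the request value only selects a key. It never becomes
    // part of the file path itself.
    $allowed = array(
        'general' => 'tab-general.php',
        'zoom'    => 'tab-zoom.php',
    );

    if (!is_string($requested) || !isset($allowed[$requested])) {
        return null;
    }

    // Defence in depth: the resolved file must exist inside $template_dir.
    $base = realpath($template_dir);
    $path = realpath($template_dir . '/' . $allowed[$requested]);
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Usage inside the admin page callback (constructed):
$tab = isset($_GET['tab']) ? $_GET['tab'] : 'general';
$template = example_resolve_tab_template($tab, __DIR__ . '/templates');
if ($template === null) {
    // Unknown tab: fall back to the default instead of surfacing an
    // include_once error to the dashboard.
    $template = example_resolve_tab_template('general', __DIR__ . '/templates');
}
if ($template !== null) {
    include_once $template;
}
```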