wpvulndb WPVDB-ID:1B0A48AD-05D1-4DB2-A565-7261DA0CBF8E
Oct 28, 2022 - 12:00 a.m.

Ultimate Member < 2.5.1 - Contributor+ LFI via Traversal

2022-10-28 00:00:00
wpscan.com
9
ultimate member
lfi
traversal
security
plugin
local file inclusion

EPSS: 0.003
Percentile: 69.4%

The plugin does not validate and sanitize the template attribute of its shortcode before using it in an include statement, which could allow users with a role as low as contributor to perform local file inclusion attacks via a traversal vector.
