The plugin is vulnerable to restrictive local file inclusion via the Q_FILE parameter found in the ~/bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution
CPE | Name | Operator | Version |
---|---|---|---|
wp-publications | eq | * |