Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbApple502jWPVDB-ID:FB9DBCDF-4FFD-484D-9B67-283683D050FD
HistoryJun 23, 2021 - 12:00 a.m.

WP Image Zoom < 1.47 - Local File Inclusion

2021-06-2300:00:00
apple502j
wpscan.com
5
JSON

The plugin did not validate its tab parameter before using it in the include_once() function, leading to a local file inclusion issue in the admin dashboard

PoC

PoC: https://example.com/wp-admin/admin.php?page=zoooom_settings&amp;tab;=whatever This URL shows include_once error, which indicates that the parameter is not sanitized.

CPENameOperatorVersion
wp-image-zoooomlt1.47

Related

patchstack 1
cnvd 1
prion 1
wpexploit 1
cve 1
patchstack
patchstack
WordPress WP Image Zoom plugin <= 1.46 - Local File Inclusion (LFI) vulnerability
2021-06-23 00:00:00
cnvd
cnvd
WordPress WP Image Zoom plugin file inclusion vulnerability
2021-07-20 00:00:00
prion
prion
Design/Logic Flaw
2021-07-19 11:15:00
wpexploit
wpexploit
WP Image Zoom < 1.47 - Local File Inclusion
2021-06-23 00:00:00
cve
cve
CVE-2021-24447
2021-07-19 11:15:00
JSON
Related for WPVDB-ID:FB9DBCDF-4FFD-484D-9B67-283683D050FD
patchstack1cnvd1prion1wpexploit1cve1