China National Vulnerability Database (CNVD): CNVD-2021-59588
History: Jul 20, 2021 - 12:00 a.m.

WordPress WP Image Zoom plugin file inclusion vulnerability

2021-07-20 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
11
wordpress
php
mysql
file inclusion
vulnerability
admin dashboard
sensitive information

EPSS

0.001

Percentile

47.2%

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. It supports setting up personal blog sites on servers running PHP and MySQL. The WordPress plugin WP Image Zoom has a file inclusion vulnerability in versions prior to 1.47. The plugin does not validate its tab parameter before using it in the include_once() function, which leads to a local file inclusion issue in the admin dashboard. An attacker could exploit this vulnerability to include local files and obtain sensitive information.
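
The mitigation for the flaw described above, as an added example that is not the plugin's own code: the requested tab is mapped through an allowlist, and the resolved path is checked, before anything reaches include_once(). The function name, tab names and directory layout are hypothetical.

```php
<?php
// Added illustration. example_resolve_tab(), EXAMPLE_TABS and the template
// directory are hypothetical names, not taken from WP Image Zoom.

// Pattern the advisory describes (comment only, never executed):
//   include_once $dir . '/' . $_GET['tab'] . '.php';
// The request value reaches include_once() unvalidated and shapes the path.

// Allowlist: the request only selects a key; file names are fixed here.
const EXAMPLE_TABS = [
    'general'  => 'general.php',
    'settings' => 'settings.php',
];

function example_resolve_tab($requested, string $baseDir, string $default = 'general'): string
{
    // Arrays (?tab[]=x), nulls and anything that is not a short slug fall back.
    if (!is_string($requested) || !preg_match('/\A[a-z0-9_-]{1,32}\z/', $requested)) {
        $requested = $default;
    }
    // Unknown keys fall back as well; $default must be a key of EXAMPLE_TABS.
    if (!array_key_exists($requested, EXAMPLE_TABS)) {
        $requested = $default;
    }
    $base = realpath($baseDir);
    $path = $base === false
        ? false
        : realpath($base . DIRECTORY_SEPARATOR . EXAMPLE_TABS[$requested]);
    // Defence in depth: the resolved file must exist inside the base directory.
    if ($path === false || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('tab template not found');
    }
    return $path; // safe to hand to include_once
}

// Constructed demo: temporary template directory and constructed sample inputs.
$dir = sys_get_temp_dir() . '/example_tabs_' . bin2hex(random_bytes(4));
mkdir($dir);
foreach (EXAMPLE_TABS as $file) {
    file_put_contents("$dir/$file", "<?php // constructed tab template\n");
}
foreach (['settings', '../outside', ['x'], null] as $input) {
    echo json_encode($input), ' => ', basename(example_resolve_tab($input, $dir)), PHP_EOL;
}
array_map('unlink', glob("$dir/*.php"));
rmdir($dir);
```

Inside WordPress, the raw value would normally pass through wp_unslash() and sanitize_key() first; the allowlist lookup remains the control that keeps request data out of the include path.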
