Security Advisory

CVE-2022-4063

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-12-19 13:41:37

Last updated 2025-04-17 14:01:03

Assigner WPScan

State PUBLISHED

Description

The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHPs extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers.

← Browse all CVEs View on cve.org ↗