Security Advisory

CVE-2023-6295

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-12-18 20:08:01

Last updated 2024-08-02 08:28:21

Assigner WPScan

State PUBLISHED

Description

The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites.

← Browse all CVEs View on cve.org ↗