WordPress Plugin Vulnerabilities

Counter Box < 1.2 - Admin+ LFI

Description

The plugin does not properly validate the current tab used before generating a path and using it in an include statement, which could lead to LFI

Affects Plugins

Plugin icon
counter-box
Fixed in 1.2

References

CVE
CVE-2022-29446

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
BEE-K
Verified
No
WPVDB ID
09662fe7-4f77-49c1-9cfa-9a7249016523

Timeline

Publicly Published
2022-05-16 (about 3 years ago)
Added
2022-05-19 (about 3 years ago)
Last Updated
2023-02-13 (about 3 years ago)

Other

Published
Title
Published
2014-12-29
Title
Sell Downloads 1.0.1 - Arbitrary File Disclosure
Published
2026-01-16
Title
Feeds for YouTube Pro < 2.6.1 - Unauthenticated Arbitrary File Read via Path Traversal
Published
2015-08-02
Title
recent-backups <= 0.7 - Remote File Download
Published
2015-07-02
Title
MDC YouTube Downloader <= 2.1.0 - Local File Inclusion
Published
2025-04-30
Title
Section Widget <= 3.3.1 - Unauthenticated Path Traversal