WordPress Plugin Vulnerabilities

IMDb Profile Widget <= 1.0.8 - Local File Inclusion (LFI)

Description

The imdb-widget WordPress plugin was affected by a Local File Inclusion (LFI) security vulnerability.

Affects Plugins

Plugin icon
imdb-widget
Fixed in 1.0.9

References

CVE
CVE-2016-10991
URL
https://packetstormsecurity.com/files/#136447/
URL
https://plugins.trac.wordpress.org/changeset/1380296/imdb-widget

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
7.5 (high)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
556dc60b-42b1-4376-bc21-cbac02f1bdec

Timeline

Publicly Published
2016-03-30 (about 9 years ago)
Added
2016-03-30 (about 9 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-07-23
Title
Latepoint < 5.1.94 - Unauthenticated LFI
Published
2023-06-12
Title
ND Shortcodes < 7.0 - Subscriber+ LFI
Published
2025-01-24
Title
WP Ultimate Exporter < 2.9.1 - Authenticated (Admin+) Arbitrary File Read
Published
2015-07-18
Title
wptf-image-gallery 1.0.3 - Remote File Download
Published
2024-11-27
Title
File Manager Pro – Filester < 1.8.6 - Authenticated (Administrator+) Local JavaScript File Inclusion