WordPress Plugin Vulnerabilities

InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE

Description

The plugin insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers.

Proof of Concept

Affects Plugins

Plugin icon
inpost-gallery
Fixed in 2.1.4.1

References

CVE
CVE-2022-4063

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
10.0 (critical)

Miscellaneous

Original Researcher
cydave
Submitter
cydave
Submitter website
https://cyllective.com/
Submitter twitter
cyllective
Verified
Yes
WPVDB ID
6bb07ec1-f1aa-4f4b-9717-c92f651a90a7

Timeline

Publicly Published
2022-11-28 (about 3 years ago)
Added
2022-11-28 (about 3 years ago)
Last Updated
2022-11-28 (about 3 years ago)

Other

Published
Title
Published
2025-03-29
Title
Include URL <= 0.3.5 - Authenticated (Contributor+) Arbitrary File Download
Published
2024-06-05
Title
Startklar Elementor Addons <= 1.7.15 - Unauthenticated Path Traversal to Arbitrary Directory Deletion
Published
2025-08-20
Title
WP Webhooks < 3.3.6 - Unauthenticated Arbitrary File Copy
Published
2025-04-17
Title
StoreContrl Woocommerce < 4.1.4 - Unauthenticated Arbitrary File Download
Published
2025-09-12
Title
The Hack Repair Guy's Plugin Archiver < 3.1.1 - Authenticated (Administrator+) Arbitrary File Deletion