WordPress Plugin Vulnerabilities

Theme My Login 6.3.9 - Local File Inclusion

Description

The Theme My Login WordPress plugin was affected by a Local File Inclusion security vulnerability.

Affects Plugins

Plugin icon
theme-my-login
Fixed in 6.3.10

References

URL
https://packetstormsecurity.com/files/#127302/
URL
https://seclists.org/fulldisclosure/2014/Jun/172
URL
https://advisories.dxw.com/advisories/lfi-in-theme-my-login/

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22

Miscellaneous

Verified
No
WPVDB ID
75696a10-352d-4eda-8304-5cf2e5de2b15

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2015-06-10
Title
History Collection <= 1.1.1 - Arbitraty File Download
Published
2026-01-16
Title
Gutenberg Thim Blocks < 1.0.2 - Authenticated (Contributor+) Arbitrary File Read via 'iconSVG' Parameter
Published
2015-05-19
Title
Simple Backup <= 2.7.10 - Arbitrary File Download
Published
2025-07-15
Title
Counter live visitors for WooCommerce < 1.3.7 - Unauthenticated Arbitrary File Deletion in wcvisitor_get_block
Published
2025-07-08
Title
Support Board < 3.8.1 - Unauthenticated Arbitrary File Deletion