WordPress Plugin Vulnerabilities

Really Simple Guest Post Plugin <= 1.0.6 - File Include

Description

The really-simple-guest-post WordPress plugin was affected by a File Include security vulnerability.

Affects Plugins

Plugin icon
really-simple-guest-post
Fixed in 1.0.7

References

Exploitdb
37209
URL
https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_really_simple_guest_post_file_read.rb

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
90782c91-cc76-4eca-afb8-fe4c4bba72a6

Timeline

Publicly Published
2015-06-05 (about 10 years ago)
Added
2015-06-09 (about 10 years ago)
Last Updated
2019-10-22 (about 6 years ago)

Other

Published
Title
Published
2022-08-03
Title
WPide < 3.0 - Admin+ Local File Inclusion
Published
2022-05-16
Title
Counter Box < 1.2 - Admin+ LFI
Published
2025-02-21
Title
MyTicket Events <= 1.2.4 - Unauthenticated Limited File Read
Published
2024-11-12
Title
WordPress User Extra Fields < 16.7 - Unauthenticated Arbitrary File Deletion
Published
2015-10-05
Title
Easy2Map < 1.3.0 - Local File Inclusion