WordPress Plugin Vulnerabilities

All-In-One-Gallery < 2.5.0 - Admin+ Local File Inclusion

Description

The plugin does not sanitise and validate the tab parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue

Proof of Concept

https://example.com/wp-admin/admin.php?page=all-in-one-video-gallery&tab=..%2F..%2F..%2F..%2F..%2Findex

Affects Plugins

Plugin icon
all-in-one-video-gallery
Fixed in 2.5.0

References

CVE
CVE-2021-24970
Exploitdb
50562

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
2.7 (low)

Miscellaneous

Original Researcher
Mohamed Magdy AbuMuslim
Submitter
Mohamed Magdy AbuMuslim
Submitter website
https://m19o.github.io
Submitter twitter
m19o__
Verified
Yes
WPVDB ID
9b15d47e-43b6-49a8-b2c3-b99c92101e10

Timeline

Publicly Published
2021-11-15 (about 2 years ago)
Added
2021-11-15 (about 2 years ago)
Last Updated
2022-04-11 (about 2 years ago)

Other

Published
Title
Published
2018-12-07
Title
WP Payeezy Pay < 2.98 - Local File Inclusion
Published
2023-12-26
Title
Ultimate Addons for Beaver Builder < 1.35.14 - Contributor+ Arbitrary File Download
Published
2012-07-10
Title
A Page Flip Book 2.3 - index.php pageflipbook_language Parameter Traversal Local File Inclusion
Published
2015-03-13
Title
IP Blacklist Cloud < 3.43 - Admin+ Arbitrary File Disclosure
Published
2015-03-28
Title
Aspose Importer & Exporter 1.0 - Arbitrary File Download