WordPress Plugin Vulnerabilities

Canto < 3.0.5 - Unauthenticated Remote File Inclusion

Description

The Canto WordPress plugin was affected by an Unauthenticated File Inclusion security vulnerability.

Affects Plugins

Plugin icon
canto
Fixed in 3.0.5

References

CVE
CVE-2023-3452

Classification

Type
RFI
OWASP top 10
A1: Injection
CWE
CWE-98
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
Marco Wotschka
Verified
No
WPVDB ID
9e2817c7-d4aa-4ed9-a3d7-18f3117ed810

Timeline

Publicly Published
2023-08-09 (about 2 years ago)
Added
2023-08-16 (about 2 years ago)
Last Updated
2023-08-16 (about 2 years ago)

Other

Published
Title
Published
2025-03-17
Title
GetShop ecommerce <= 1.3 - Unauthenticated Local File Inclusion
Published
2025-12-31
Title
Indoor Plants <= 1.2.7 - Unauthenticated Local File Inclusion
Published
2024-04-17
Title
Salient Shortcodes < 1.5.4 - Authenticated (Contributor+) Local File Inclusion via Shortcode
Published
2025-08-04
Title
Renewal <= 1.2.2 - Unauthenticated Local File Inclusion
Published
2026-02-17
Title
A-Mart <= 1.0.2 - Unauthenticated Local File Inclusion