WordPress Plugin Vulnerabilities

Localize My Post 1.0 - Unauthenticated Local File Inclusion (LFI)

Description

The localize-my-post WordPress plugin was affected by an Unauthenticated Local File Inclusion (LFI) security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
localize-my-post
No known fix

References

CVE
CVE-2018-16299
Exploitdb
45439
URL
https://packetstormsecurity.com/files/#149433/
URL
https://seclists.org/fulldisclosure/2018/Sep/33

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
7.5 (high)

Miscellaneous

Original Researcher
Manuel Garcia Cardenas
Submitter
Ryan Dewhurst
Submitter twitter
ethicalhack3r
Verified
Yes
WPVDB ID
b84237d0-a58c-48cc-bbd0-32a2d575536c

Timeline

Publicly Published
2018-09-19 (about 7 years ago)
Added
2018-09-20 (about 7 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2023-12-08
Title
Welcart e-Commerce < 2.9.7 - Authenticated (Administrator+) Directory Traversal
Published
2024-11-15
Title
PDF Generator Addon for Elementor Page Builder < 2.0.1 - Unauthenticated Arbitrary File Download
Published
2016-03-21
Title
ABtest - File Inclusion
Published
2026-05-04
Title
Loco Translate < 2.8.3 - Translator+ Path Traversal to Limited File Read via 'ref' Parameter
Published
2023-12-22
Title
Backup Migration < 1.4.0 - Unauthenticated Path Traversal to Arbitrary File Deletion