WordPress Plugin Vulnerabilities

Theme Tuner < 0.8 - Remote File Inclusion

Description

The Theme Tuner WordPress plugin was affected by a Remote File Inclusion security vulnerability.

Affects Plugins

Plugin icon
theme-tuner
Fixed in 0.8

References

CVE
CVE-2012-0934
URL
https://exchange.xforce.ibmcloud.com/vulnerabilities/72626
URL
https://web.archive.org/web/20191128011938/https://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos/

Classification

Type
RFI
OWASP top 10
A1: Injection
CWE
CWE-98

Miscellaneous

Verified
No
WPVDB ID
bb911962-cffc-40f7-9fba-60511a53bf35

Timeline

Publicly Published
2012-01-23 (about 14 years ago)
Added
2019-08-23 (about 6 years ago)
Last Updated
2020-03-09 (about 6 years ago)

Other

Published
Title
Published
2026-02-25
Title
ElectroServ | Electrical Repair Service WordPress Theme <= 1.3.2 - Unauthenticated Local File Inclusion
Published
2025-12-31
Title
Indoor Plants <= 1.2.7 - Unauthenticated Local File Inclusion
Published
2025-06-27
Title
Hotel Booking < 3.8 - Authenticated (Contributor+) Local File Inclusion
Published
2025-05-21
Title
Wilmër < 3.4.2 - Unauthenticated Local File Inclusion
Published
2025-05-07
Title
WPAdverts < 2.2.3 - Authenticated (Contributor+) Local File Inclusion