WordPress Ad Widget < 2.12.0 – Authenticated Local File Inclusion (LFI)

Affects Plugins

ad-widget

Fixed in 2.12.0

References

URL

https://plugins.trac.wordpress.org/changeset/1628751/ad-widget

Classification

Type

LFI

OWASP top 10

A1: Injection

CWE

CWE-22

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

Yes

WPVDB ID

caca21fe-56bf-4d4c-afc8-4a218e52f0a2

Timeline

Publicly Published

2017-04-04 (about 8 years ago)

Added

2017-04-07 (about 8 years ago)

Last Updated

2019-11-01 (about 6 years ago)

Other

Published

Title

Published

2025-03-27

Title

JS Help Desk < 2.9.3 - Unauthenticated Arbitrary File Deletion

Published

2016-07-13

Title

WP Fastest Cache <= 0.8.5.9 - Local File Inclusion (LFI)

Published

2014-08-01

Title

OPS Old Post Spinner 2.2.1 - LFI

Published

2025-02-22

Title

Helloprint < 2.1.0 - Unauthenticated Arbitrary File Deletion

Published

2024-12-17

Title

WPLMS < 1.9.9.5.2 - Authenticated (Subscriber+) Arbitrary File Deletion