The plugin did not validate its tab parameter before using it in the include_once() function, leading to a local file inclusion issue in the admin dashboard
PoC: https://example.com/wp-admin/admin.php?page=zoooom_settings&tab=whatever This URL shows include_once error, which indicates that the parameter is not sanitized.
apple502j
apple502j
Yes
2021-06-23 (about 1 years ago)
2021-06-23 (about 1 years ago)
2022-01-02 (about 5 months ago)