WordPress Plugin Vulnerabilities
WP Image Zoom < 1.47 - Local File Inclusion
Description
The plugin did not validate its tab parameter before using it in the include_once() function, leading to a local file inclusion issue in the admin dashboard
Proof of Concept
PoC: https://example.com/wp-admin/admin.php?page=zoooom_settings&tab=whatever This URL shows include_once error, which indicates that the parameter is not sanitized.
Affects Plugins
Fixed in version 1.47
References
Classification
Miscellaneous
Original Researcher
apple502j
Submitter
apple502j
Verified
Yes
Timeline
Publicly Published
2021-06-23 (about 1 years ago)
Added
2021-06-23 (about 1 years ago)
Last Updated
2022-01-02 (about 11 months ago)