WordPress Plugin Vulnerabilities
Videos sync PDF <= 1.7.4 - Unauthenticated LFI
Description
The plugin does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues.
Proof of Concept
https://example.com/wp-content/plugins/video-synchro-pdf/reglages/Menu_Plugins/tout.php?p=LFI
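Detection sketch for site owners, added here as an example and not part of the original advisory or the plugin's code: it scans web server access logs for requests that reach the endpoint above with a p parameter and labels why each value looks like a file-inclusion attempt. The combined log format, the sample log lines and the function names are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint path taken from the advisory's proof-of-concept URL.
ENDPOINT = "/wp-content/plugins/video-synchro-pdf/reglages/Menu_Plugins/tout.php"
# Assumes combined-format access log lines: ip ... "METHOD target HTTP/x" status
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Constructed sample log lines (documentation IP ranges, placeholder file names).
SAMPLE_LOG = [
    '203.0.113.7 - - [30/Mar/2022:10:01:02 +0000] "GET ' + ENDPOINT + '?p=..%2F..%2Fsomefile HTTP/1.1" 200 512',
    '198.51.100.9 - - [30/Mar/2022:10:01:05 +0000] "GET ' + ENDPOINT + '?p=%252e%252e%252fsomefile HTTP/1.1" 200 0',
    '192.0.2.44 - - [30/Mar/2022:10:02:00 +0000] "GET /index.php?p=12 HTTP/1.1" 200 9000',
    '192.0.2.45 - - [30/Mar/2022:10:03:00 +0000] "GET ' + ENDPOINT + '?p=LFI HTTP/1.1" 500 0',
]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so a double-encoded value is seen decoded."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(p):
    """Return the reasons a decoded p value looks like a file-inclusion attempt."""
    reasons, norm = [], p.replace("\\", "/")
    if ".." in norm.split("/"):
        reasons.append("traversal")
    if norm.startswith("/") or re.match(r"^[A-Za-z]:/", norm):
        reasons.append("absolute-path")
    if re.match(r"^[A-Za-z][A-Za-z0-9+.-]*://", norm):
        reasons.append("stream-wrapper")
    return reasons

def scan(lines):
    """Return (ip, status, decoded p, reasons) for each request to the endpoint with p set."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if fully_decode(url.path) != ENDPOINT:
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("p", []):
            p = fully_decode(raw)
            hits.append((m["ip"], int(m["status"]), p, classify(p) or ["direct-access"]))
    return hits
```

Any hit is worth reviewing, since the script is not meant to be requested directly by visitors; the ordinary WordPress ?p=12 post request in the sample is ignored because its path differs.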
Affects Plugins
References
Classification
Type
LFI
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Hassan Khan Yusufzai - Splint3r7
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-03-30
Added
2022-03-30
Last Updated
2022-04-20