exploitDog

GHSA-4735-w7g7-ghx3

Опубликовано: 24 апр. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 8.6

Описание

The-wound WordPress theme through 0.0.1 does not validate some parameters before using them to generate paths passed to include function/s, allowing unauthenticated users to perform LFI attacks and download arbitrary file from the server

The-wound WordPress theme through 0.0.1 does not validate some parameters before using them to generate paths passed to include function/s, allowing unauthenticated users to perform LFI attacks and download arbitrary file from the server

Ссылки

EPSS

Процентиль: 57%

0.0035

Низкий

8.6 High

CVSS3

CVE ID

Связанные уязвимости

CVE-2025-2558

CVSS3: 8.6

nvd

10 месяцев назад

The-wound WordPress theme through 0.0.1 does not validate some parameters before using them to generate paths passed to include function/s, allowing unauthenticated users to perform LFI attacks and download arbitrary file from the server

EPSS

Процентиль: 57%

0.0035

Низкий

8.6 High

CVSS3

CVE ID