exploitDog

CVE-2025-26933

Опубликовано: 10 мар. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nitin Prakash WC Place Order Without Payment allows PHP Local File Inclusion. This issue affects WC Place Order Without Payment: from n/a through 2.6.7.

Ссылки

https://patchstack.com/database/wordpress/plugin/wc-place-order-without-payment/vulnerability/wordpress-place-order-without-payment-for-woocommerce-plugin-2-6-7-local-file-inclusion-vulnerability?_s_id=cve

EPSS

Процентиль: 46%

0.00236

Низкий

7.5 High

CVSS3

Дефекты

CWE-98

Связанные уязвимости

GHSA-x6h9-j33j-2wpw

CVSS3: 7.5

github

11 месяцев назад

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nitin Prakash WC Place Order Without Payment allows PHP Local File Inclusion. This issue affects WC Place Order Without Payment: from n/a through 2.6.7.

EPSS

Процентиль: 46%

0.00236

Низкий

7.5 High

CVSS3

Дефекты

CWE-98