Mark Gruffer

**Name of the Vulnerable Software and Affected Versions** Nevma Adaptive Images plugin versions prior to 0.6.67 **Description** A Local File Inclusion issue allows remote attackers to retrieve arbitrary files. This is achieved via the `adaptive-images-settings` parameter, specifically through the `source file` variable in the adaptive-images-script.php file. **Recommendations** For versions prior to 0.6.67, update to version 0.6.67 or later to resolve the issue. As a temporary workaround, consider restricting access to the adaptive-images-script.php file to minimize the risk of exploitation. Avoid using the `source file` variable in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Nevma Adaptive Images plugin versions prior to 0.6.67 **Description** The issue allows remote attackers to delete arbitrary files via the `adaptive-images-settings` parameter in adaptive-images-script.php. This is achieved by exploiting the $REQUEST['adaptive-images-settings'] parameter. **Recommendations** For versions prior to 0.6.67, update to version 0.6.67 or later to resolve the issue. As a temporary workaround, consider restricting access to the adaptive-images-script.php file until a patch is available. Avoid using the `adaptive-images-settings` parameter in the affected API endpoint until the issue is resolved.