PT-2022-25427 · WordPress · Inpost Gallery
Cydave · Published 2022-12-19 · Updated 2022-12-23
CVE-2022-4063
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
InPost Gallery WordPress plugin version 2.1.4 and earlier
Description
The issue arises from the insecure use of PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files and URLs. This could potentially enable them to run code on servers.
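The pattern described above, next to a hardened renderer, as an added example that is not the plugin's code. The function names, the `pagepath` variable, the view names and the sample input are all hypothetical or constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical renderer names; the plugin's real code is not shown on this page.

/** Vulnerable pattern: returns the path that would be handed to include. */
function resolve_unsafe(string $pagepath, array $data): string
{
    extract($data);   // default EXTR_OVERWRITE: a "pagepath" key replaces the argument
    return $pagepath;
}

/** Hardened: allowlisted view name, fixed base directory, no extract(). */
function render_safe(string $viewsDir, string $view, array $data): string
{
    $allowed = ['gallery', 'slider'];   // hypothetical view names
    if (!in_array($view, $allowed, true)) {
        throw new InvalidArgumentException('unknown view');
    }
    $base = realpath($viewsDir);
    $file = realpath($viewsDir . '/' . $view . '.php');
    if ($base === false || $file === false
        || strpos($file, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('view outside views directory');
    }
    // Isolated scope: the template reads $vars and cannot touch the loader's locals.
    $load = static function (string $__file, array $vars): string {
        ob_start();
        include $__file;
        return (string) ob_get_clean();
    };
    return $load($file, $data);
}

// Constructed demo: a temporary views directory holding one template.
$dir = sys_get_temp_dir() . '/views_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . '/gallery.php', '<h2><?= htmlspecialchars($vars["title"]) ?></h2>');

// Constructed request data carrying a key that collides with the loader's variable.
$input = ['title' => 'Holiday', 'pagepath' => '/constructed/other/file'];

echo resolve_unsafe($dir . '/gallery.php', $input), PHP_EOL; // path now comes from the input
echo render_safe($dir, 'gallery', $input), PHP_EOL;          // template path is unaffected

unlink($dir . '/gallery.php');
rmdir($dir);
```

When auditing similar code, search for `extract(` calls that share a scope with a later `include` or `require` whose argument is a variable.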
Recommendations
For InPost Gallery WordPress plugin version 2.1.4 and earlier, update to version 2.1.4.1 or later to resolve the issue.
Path traversal
Affected Products
Inpost Gallery