Path Traversal and Local File Inclusion Vulnerability in Include Me WordPress Plugin: Risk of Remote Code Execution and System Compromise

Path Traversal and Local File Inclusion Vulnerability in Include Me WordPress Plugin: Risk of Remote Code Execution and System Compromise

CVE-2021-24453 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The Include Me WordPress plugin through 1.2.1 is vulnerable to path traversal / local file inclusion, which can lead to Remote Code Execution (RCE) of the system due to log poisoning and therefore potentially a full compromise of the underlying structure

Learn more about our Wordpress Pen Testing.