Unrated severityNVD Advisory· Published Dec 18, 2023· Updated Aug 2, 2024
so-widgets-bundle < 1.51.0 - Admin+ Local File Inclusion
CVE-2023-6295
Description
The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <1.51.0
- Range: 0
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/adc9ed9f-55b4-43a9-a79d-c7120764f47cmitreexploitvdb-entrytechnical-description
News mentions
0No linked articles in our index yet.