Skip to main content
CVE-2023-3452 CRITICAL POC PATCH THREAT Act Now

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 87.1%.

PHP RCE WordPress LFI Canto
NVD
CVSS 3.1
9.8
EPSS
87.1%
Threat
6.1

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy