The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 87.1%.
PHP
RCE
WordPress
LFI
Canto
NVD
CVSS 3.1
9.8
EPSS
87.1%
Threat
6.1