Improved Include Page
Monthly
The Improved Include Page WordPress plugin through 1.2 allows passing shortcode attributes with post_type & post_status which can be used to retrieve arbitrary content. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Improved Include Page WordPress plugin through 1.2 allows passing shortcode attributes with post_type & post_status which can be used to retrieve arbitrary content. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.