Shopify
Monthly
Local File Inclusion in the Shopify (Shopify Help Center) WordPress plugin through version 1.0.0 allows an authenticated user with at least Contributor privileges to include and read arbitrary local files on the server, potentially escalating to code execution via CWE-98-style file-inclusion abuse. The flaw was reported by Patchstack and carries a CVSS 7.5 rating driven by high confidentiality, integrity, and availability impact but with high attack complexity. No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Local File Inclusion in the Shopify (Shopify Help Center) WordPress plugin through version 1.0.0 allows an authenticated user with at least Contributor privileges to include and read arbitrary local files on the server, potentially escalating to code execution via CWE-98-style file-inclusion abuse. The flaw was reported by Patchstack and carries a CVSS 7.5 rating driven by high confidentiality, integrity, and availability impact but with high attack complexity. No public exploit identified at time of analysis, and it is not listed in CISA KEV.