Softlab Core
Monthly
Unauthenticated local file inclusion in Softlab Core WordPress plugin versions before 1.2.11 allows remote attackers to read or include arbitrary local files on the server, potentially leading to sensitive information disclosure or remote code execution if attacker-controlled content can be reached. The flaw is reported by Patchstack and tagged as PHP/LFI affecting the WebGeniusLab Softlab Core plugin used in WordPress deployments. No public exploit identified at time of analysis, though the unauthenticated nature and high CVSS impact warrant prompt patching.
Unauthenticated local file inclusion in Softlab Core WordPress plugin versions before 1.2.11 allows remote attackers to read or include arbitrary local files on the server, potentially leading to sensitive information disclosure or remote code execution if attacker-controlled content can be reached. The flaw is reported by Patchstack and tagged as PHP/LFI affecting the WebGeniusLab Softlab Core plugin used in WordPress deployments. No public exploit identified at time of analysis, though the unauthenticated nature and high CVSS impact warrant prompt patching.