Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Custom Content Shortcode < 4.0.2 - Authenticated Arbitrary File Access / LFI
Vulnerability Description
The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to display arbitrary files from the filesystem (such as logs, .htaccess etc), as well as perform Local File Inclusion attacks as PHP files will be executed. Please note that such attack is still possible by admin+ in single site blogs by default (but won't be when either the unfiltered_html or file_edit is disallowed)
CVSS Information
N/A
Vulnerability Type
对数据真实性的验证不充分
Vulnerability Title
WordPress plugin Custom Content Shortcode 数据伪造问题漏洞
Vulnerability Description
WordPress是Wordpress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是WordPress开源的一个应用插件。 WordPress plugin Custom Content Shortcode 4.0.2之前版本存在数据伪造问题漏洞,该漏洞源于WordPress的Custom Content Shortcode 插件不会验证传递给其加载简码的数据,从而允许 Contributor+ (v<4.0.1)或
CVSS Information
N/A
Vulnerability Type
N/A