关键信息 漏洞名称: WordPress FW Gallery Plugin <= 8.0.0 is vulnerable to Local File Inclusion 优先级: High priority 受影响版本: <= 8.0.0 修复状态: No official fix available 风险: This vulnerability is highly dangerous and expected to become mass exploited. 漏洞类型: Local File Inclusion 描述: A malicious actor could include local files of the target website and show its output on the screen. Files which store credentials, such as database credentials, could potentially allow complete database takeover depending on the configuration. 解决方案: Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until an official fix becomes available. 时间线: - Reported by LVT-shoh2k: 29 April 2023 - Early warning sent out to Patchstack customers: 25 Jun 2023 - Published by Patchstack: 27 Jun 2023