Description

WordPress Plugin Extensive VC Addons for WPBakery page builder is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Extensive VC Addons for WPBakery page builder version 1.9 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.9.1 or latest

References

https://wpscan.com/vulnerability/239ea870-66e5-4754-952e-74d4dd60b809

https://plugins.svn.wordpress.org/extensive-vc-addon/trunk/readme.txt

Related Vulnerabilities

Grafana Authentication Bypass by Spoofing Vulnerability (CVE-2022-35957)

Twisted Web HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2022-24801)

TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3714)

WordPress Plugin PublishPress Future: Automatically Unpublish WordPress Posts Cross-Site Scripting (2.7.0)

WordPress Plugin NextGEN Gallery-WordPress Gallery Multiple HTML Injection Vulnerabilities (1.9.0)

Severity

High

Classification

CVE-2023-0159 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update File Inclusion