Description
- WordPress Plugin Landing Page Builder-Drag and drop Page Creator, Page Designer, and Coming Soon Pages is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Landing Page Builder-Drag and drop Page Creator, Page Designer, and Coming Soon Pages version 1.4.3 is vulnerable; prior versions may also be affected.
Remediation
- Update to plugin version 1.4.4 or latest
References
Severity
Classification
Tags
Related Vulnerabilities
- Microsoft IIS5 NTLM and Basic authentication bypass
- WordPress Plugin Custom Login Page Customizer-LoginPress Multiple Vulnerabilities (1.1.13)
- WordPress Plugin Smart Forms-Calculated Fields, Form Builder, Easy To Use Cross-Site Scripting (2.6.15)
- MySQL buffer overflow in user defined functions
- WordPress Plugin Badgearoo Cross-Site Scripting (1.0.8)