Description

WordPress Plugin WP Image Zoom is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Image Zoom version 1.46 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.47 or latest

References

https://sploitus.com/exploit?id=WPEX-ID:FB9DBCDF-4FFD-484D-9B67-283683D050FD

Related Vulnerabilities

WordPress Plugin Asgaros Forum Cross-Site Request Forgery (1.5.8)

WordPress Plugin DM Albums Multiple File Deletion Vulnerabilities (2.1)

WordPress Plugin Download Monitor Unspecified Vulnerability (1.9.6)

WordPress Plugin Pike Firewall Information Disclosure (1.4)

WordPress Plugin 3DPrint Lite Cross-Site Scripting (1.9.1.5)

Severity

High

Classification

CVE-2021-24447 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Tags

Missing Update File Inclusion