Published: 24/09/2018 Updated: 23/11/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
localize my post project localize my post 1.0

# Exploit Title: WordPress Plugin Localize My Post 10 - Local File Inclusion # Author: Manuel Garcia Cardenas # Date: 2018-09-19 # Software link: eswordpressorg/plugins/localize-my-post/ # CVE: 2018-16299 # DESCRIPTION # This bug was found in the file: /localize-my-post/ajax/includephp # include($_REQUEST['file']); # The parameter "fil ...

Full Disclosure mailing list archives   By Date By Thread </form>    WordPress Plugin Localize My Post 10 - Local File Inclusion   Fr ...

CWE-22 https://www.exploit-db.com/exploits/45439/https://packetstormsecurity.com/files/149433/WordPress-Localize-My-Post-1.0-Local-File-Inclusion.html https://github.com/julianburr/wp-plugin-localizemypost/issues/1 http://seclists.org/fulldisclosure/2018/Sep/33 https://nvd.nist.gov https://www.exploit-db.com/exploits/45439/

CVE-2018-16299

Vulnerability Summary

Vulnerability Trend

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect