The Modal Window WordPress plugin prior to 5.2.2, within the wow-company admin menu page, allows include() of an arbitrary file with a PHP extension (as well as with data:// or protocols), thus leading to CSRF RCE.
Vulnerable Product |
---|
wow-company modal window |