The Button Generator WordPress plugin prior to 2.3.3 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or protocols), thus leading to CSRF RCE.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wow-company button generator |