CVE-2018-25324 | Simple-Fields Simple Fields Plugin up to 0.2/0.3.5/5.3.4 on WordPress simple_fields.php wp_abspath filename control (Exploit 44425 / EDB-44425)

SecurityVulns
Yanac

A vulnerability was found in Simple-Fields Simple Fields Plugin up to 0.2/0.3.5/5.3.4 on WordPress. It has been classified as problematic. This vulnerability affects unknown code of the file simple_fields.php. This manipulation of the argument wp_abspath causes improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is handled as CVE-2018-25324. The attack can be initiated remotely. Additionally, an exploit exists.VulDB Recent EntriesRead More