← back
CVE-2021-24447

WP Image Zoom < 1.47 - Local File Inclusion

EPSS 1.4%CWE-22
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 1.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
19 Jul 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The WP Image Zoom WordPress plugin before 1.47 did not validate its tab parameter before using it in the include_once() function, leading to a local file inclusion issue in the admin dashboard
Affected products
Unknown · WP Image Zoom

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/fb9dbcdf-4ffd-484d-9b67-283683d050fd