WordPress WPIDE – File Manager & Code Editor plugin <= 2.6 - Authenticated Local File Inclusion (LFI) vulnerability
PSID
55ff656455e6
Classification
Local File Inclusion
OWASP Top 10
A1: Injection
Required privilege
Requires authentication as a high-privilege user, such as an administrator.
Publicly disclosed
2022-08-03
Patchstack vPatch available since
09.12.2021
Details
Authenticated Local File Inclusion (LFI) vulnerability discovered by Raad Haddad in WordPress WPIDE – File Manager & Code Editor plugin (versions <= 2.6).
Solution
Update the WordPress WPIDE – File Manager & Code Editor plugin to the latest available version (at least 3.0).