Vulnerabilities and security researches foramministrazione-aperta amministrazione-aperta

Jun 07, 2024

CVE, Research URL: CVE-2022-1560
Home page URL: Security reports for Amministrazione Aperta
Application: Amministrazione Aperta
Date: May 16, 2022
Research Description: The Amministrazione Aperta WordPress plugin before 3.8 does not validate the open parameter before using it in an include statement, leading to a Local File Inclusion issue. The original advisory mentions that unauthenticated users can exploit this, however the affected file generates a fatal error when accessed directly and the affected code is not reached. The issue can be exploited via the dashboard when logged in as an admin, or by making a logged in admin open a malicious link
Affected versions: max 3.8.
Status: vulnerable

CVE, Research URL: 38871be92c2a58996eca3512955c084cba4ad38f
Home page URL: Security reports for Amministrazione Aperta
Application: Amministrazione Aperta
Date: Mar 23, 2022
Research Description: Amministrazione Aperta [amministrazione-aperta] <= 3.7.3 WordPress Amministrazione Aperta plugin <= 3.7.3 - Local File Inclusion (LFI) vulnerability Local File Inclusion (LFI) vulnerability discovered by Hassan Khan Yusufzai (Splint3r7) in WordPress Amministrazione Aperta plugin (versions <= 3.7.3).
Affected versions: max 3.7.3.
Status: vulnerable

May 12, 2026

CVE, Research URL: CVE-2022-50956
Home page URL: Security reports for Amministrazione Aperta
Application: Amministrazione Aperta
Date: May 10, 2026
Research Description: WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in the open parameter. Attackers can supply file paths through the open GET parameter in dispatcher.php to include and read sensitive files accessible to the web server.
Affected versions: max 3.7.3.
Status: vulnerable