SiteOrigin Widgets Bundle, CVE-2023-6295

CVE, Research URL: CVE-2023-6295
Home page URL: Security reports for SiteOrigin Widgets Bundle
Application: SiteOrigin Widgets Bundle
Published on: Dec 19, 2023
Research Description: The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites.
Affected versions: Min -, max 1.58.2.
Status: vulnerable