cleantalk
Vulnerabilities and Security Researches

WP-Appbox, cec60394318af09fd303e279df20a93f055a959c

CVE, Research URL

cec60394318af09fd303e279df20a93f055a959c

Home page URL

Security reports for WP-Appbox

Application

WP-Appbox

Published on
Jan 17, 2022
Research Description
WP-Appbox [wp-appbox] < 4.3.18 WP-Appbox <= 4.3.17 - Local File Inclusion The WP-Appbox plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.3.17 via the 'tab' parameter. This allows authenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
Affected versions
max 4.3.18.
Status
vulnerable
Previous vulnerability researches
WP-Appbox (CVE-2025-1489) , Feb 24, 2025
WP-Appbox (b78e4a3b-e432-4968-8b83-125f3bac15cd) , Jun 16, 2026
WP-Appbox (38323495c61fe870f9687d2fb34e8fdaa47f2cea) , Jun 16, 2026
WP-Appbox (cec60394318af09fd303e279df20a93f055a959c) , Jun 16, 2026
WP-Appbox (CVE-2024-12710) , Dec 25, 2024
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026