ThreatPress

WordPress Vulnerabilities Database

Back

WordPress GraceMedia Media Player plugin 1.0 - Local File Inclusion (LFI) vulnerability

Product
GraceMedia Media Player
Description
Local File Inclusion (LFI) vulnerability found by Manuel García Cárdenas in WordPress GraceMedia Media Player plugin (version 1.0).
Solution
19 March 2019 - we were unable to find a patched version of this plugin. This plugin was closed on 17 March 2019 and is no longer available for download on WordPress.org plugin repository.
Classification
Type Local File Inclusion
OWASP Top 10 A1: Injection
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In 1.0
Disclosure date
2019-03-19
Credits
Manuel García Cárdenas
Submitter
ThreatPress