ThreatPress

WordPress Vulnerabilities Database

Back

WordPress WP With Spritz plugin 1.0 - File Inclusion vulnerability

Product
WP with Spritz
Description
File Inclusion vulnerability found by Wadeek in WordPress WP With Spritz plugin (version 1.0).
Solution
29.04.2018 - no solution found, according to WordPress.org plugin repository the last update made three years ago. Attention! This vulnerability discoverable by Google Dork: intitle:("Spritz Login Success") AND inurl:("wp-with-spritz/wp.spritz.login.success.html"). The plugin is dangerous, deactivate and uninstall.
Classification
Type Local File Inclusion
OWASP Top 10 A4: Insecure Direct Object References
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In 1.0
Disclosure date
2018-04-29
Credits
Wadeek
Submitter
ThreatPress