The Extensive VC Addons for WPBakery page builder...
High severity
Unreviewed
Published
Feb 13, 2023
to the GitHub Advisory Database
•
Updated Feb 23, 2023
Description
Published by the National Vulnerability Database
Feb 13, 2023
Published to the GitHub Advisory Database
Feb 13, 2023
Last updated
Feb 23, 2023
The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system.
References