CVE-2021-24453

HIGH

Include Me WordPress Plugin < 1.2.1 - Path Traversal and Remote Code Execution via Log Poisoning

Title source: llm
STIX 2.1

Description

The Include Me WordPress plugin through 1.2.1 is vulnerable to path traversal / local file inclusion, which can lead to Remote Code Execution (RCE) of the system due to log poisoning and therefore potentially a full compromise of the underlying structure

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://wpscan.com/vulnerability/78575072-4e04-4a8a-baec-f313cfffe829

Scores

CVSS v3 8.8
EPSS 0.0496
EPSS Percentile 91.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-22
Status published
Products (1)
include_me_project/include_me < 1.2.1
Published Jul 19, 2021
Tracked Since Feb 18, 2026