CVE-2021-38360
HIGH
wp-publications <= 0.0 - Local File Inclusion via Q_FILE Parameter
Title source: llm
Description
The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the Q_FILE parameter found in the ~/bibtexbrowser.php file, which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0.
References (2)
Core References
Third Party Advisory x_refsource_misc
https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38360
Third Party Advisory x_refsource_misc
https://plugins.trac.wordpress.org/browser/wp-publications/trunk/bibtexbrowser.php?rev=1830330#L49
Scores
CVSS v3
8.3
EPSS
0.0219
EPSS Percentile
80.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-22
CWE-829
Status
published
Products (1)
wp-publications_project/wp-publications
Published
Sep 10, 2021
Tracked Since
Feb 18, 2026