CVE-2022-1391
CRITICAL EXPLOITED NUCLEICab fare calculator WordPress plugin < 1.0.4 - Local File Inclusion via Controller Parameter
Title source: llmExploitation Summary
CVE-2022-1391 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.
Nuclei Templates (1)
WordPress Cab fare calculator < 1.0.4 - Local File Inclusion
CRITICALby Splint3r7
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/680121fe-6668-4c1a-a30d-e70dd9be5aac
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/166533/
Scores
CVSS v3
9.8
EPSS
0.1359
EPSS Percentile
96.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2025-06-09
CWE
CWE-22
Status
published
Products (1)
kanev/cab_fare_calculator
< 1.0.4
Published
Apr 25, 2022
Tracked Since
Feb 18, 2026