Headline

CVE-2022-29446: WordPress Counter Box plugin <= 1.1.1 - Authenticated Local File Inclusion (LFI) vulnerability - Patchstack

Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company’s Counter Box plugin <= 1.1.1 at WordPress.

2 years ago

CVE

Open in Source

#vulnerability #web #wordpress #auth

counter-box

Software

Counter Box

Vulnerable Versions

<= 1.1.1

Fixed in version

1.2

CVE

CVE-2022-29446

References

Credits

Classification

Local File Inclusion

OWASP Top 10

A1: Injection

Disclosure Date

2022-05-16

CVSS 3.0 score

Requires high role user authentication like admin.

Are your websites subject to this vulnerability?

Details

Authenticated Local File Inclusion (LFI) vulnerability discovered by 0xB9 (Patchstack Alliance) in WordPress Counter Box plugin (versions <= 1.1.1).

Solution

Update the WordPress Counter Box plugin to the latest available version (at least 1.2).

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

12 months ago

12 months ago

12 months ago

12 months ago

12 months ago