Local File Inclusion in CodeMShop WordPress Payment Plugin
CVE-2024-56281

7.5HIGH

Key Information:

Vendor: Codemshop
Status: 워드프레스 결제 심플페이
Vendor: CVE Published:; 7 January 2025

Summary

The CodeMShop 워드프레스 결제 심플페이 plugin contains a vulnerability that allows attackers to exploit improper control of filename parameters leading to Local File Inclusion. This flaw can enable unauthorized access to sensitive files on the server, potentially leading to compromise of the web application. Affected versions include all prior to 5.2.0, necessitating immediate attention for users of this plugin to mitigate security risks.

Affected Version(s)

워드프레스 결제 심플페이 <= 5.2.0

References

https://patchstack.com/database/wordpress/plugin/pgall-fo...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 7, 2025
Vulnerability Reserved
Dec 18, 2024

Collectors

NVD DatabaseMitre Database

Credit

Peter Thaleikis (Patchstack Alliance)