CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addon allows PHP Local File Inclusion.This issue affects Extensive VC Addons for WPBakery page builder: from n/a through <= 1.9.1.
Explanation of Vulnerability in Simple Terms
Extensive VC Addons for WPBakery contains a code injection vulnerability affecting versions up to 1.9.1. An attacker can inject and execute arbitrary code on the site without authentication. The vulnerability requires specific conditions to trigger but allows complete compromise of the WordPress installation, including reading sensitive data, modifying content, and disrupting service.
What an attacker can do
Execute arbitrary code on the site and gain full control of the WordPress installation.
Potential impact on your site
Complete compromise of the WordPress site, including data theft, malware injection, and service disruption.
Conditions required to exploit
Network access to the site; no authentication or user interaction required, but attack complexity is high.
Key dates
External resources
Related vulnerabilities
