Dismissed
Permalink
CVE-2025-60202
7.5 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): NONE
- Availability impact (A): NONE
by @LeSuisse Activity log
- Created automatic suggestion
- @LeSuisse dismissed
WordPress Favorites plugin <= 2.3.6 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Kyle Phillips Favorites favorites allows PHP Local File Inclusion.This issue affects Favorites: from n/a through <= 2.3.6.
References
- https://vdp.patchstack.com/database/Wordpress/Plugin/favorites/vulnerability/wo… vdb-entry
- https://vdp.patchstack.com/database/Wordpress/Plugin/favorites/vulnerability/wo… vdb-entry
- https://vdp.patchstack.com/database/Wordpress/Plugin/favorites/vulnerability/wo… vdb-entry
- https://patchstack.com/database/Wordpress/Plugin/favorites/vulnerability/wordpr… vdb-entry
- https://patchstack.com/database/Wordpress/Plugin/favorites/vulnerability/wordpr… vdb-entry
Affected products
favorites
- =<<= 2.3.6
Matching in nixpkgs
pkgs.gnomeExtensions.panel-favorites
Add launchers for Favorites to the panel
pkgs.gnomeExtensions.favorites-to-applications-grid
Keep your favorite applications in your applications grid.
Package maintainers
-
@honnip Jung seungwoo <me@honnip.page>