WordPress Plugin WP with Spritz 1.0 Remote File Inclusion

Strike ID:
E18-0ydc1
CVSS:
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
False Positive:
f
Variants:
1
Year:
2018

Description

This strike exploits a remote file inclusion vulnerability in WordPress Plugin WP Spritz 1.0. The vulnerability is due to improper sanitization of the "url" parameter. By successfully exploiting this vulnerability, a remote, unauthenticated attacker could retrieve arbitrary files from the target server.