cbcvebase.
CVE-2018-16299
published 2018-09-24

CVE-2018-16299: The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter.

PriorityP265high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
43.72%
98.6th percentile
The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter.

Affected

1 ranges
VendorProductVersion rangeFixed in
localize_my_post_projectlocalize_my_post

Detection & IOCsextracted from sources · hover to see the quote

path/wp-content/plugins/localize-my-post/ajax/include.php
url/wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../../../../etc/passwd
  • Look for GET requests to ajax/include.php with a 'file' parameter containing directory traversal sequences (../../) targeting /etc/passwd or other sensitive files.
  • The vulnerable parameter 'file' is passed directly to PHP include() without sanitization; match on HTTP responses containing 'root:.*:0:0:' to confirm successful LFI exploitation.
  • The exploit requires HTTP/1.0 protocol version to interact with the application; flag anomalous HTTP/1.0 requests to the plugin path.
  • ·Vulnerability is specific to Localize My Post plugin version 1.0 for WordPress only; later versions are not confirmed affected.

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.