Intrusion PreventionWordPress.Canto.Plugin.Admin.php.Remote.File.Inclusion
Description
This indicates an attack to exploit a Remote File Inclusion vulnerability in Canto plugin for WordPress.
The vulnerability is due to improper handling of a maliciously crafted request to the vulnerable application. An unauthenticated remote attacker may be able to exploit this to execute arbitrary code within the context of the application.
Affected Products
WordPress Canto plugin 3.0.4 and prior
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://plugins.trac.wordpress.org/browser/canto/trunk/includes/lib/tree.php?rev=2841358#L5
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2024-04-23 | 27.773 | Name:WordPress. Canto. Remote. File. Inclusion:WordPress. Canto. Plugin. Admin. php. Remote. File. Inclusion |
| 2024-04-01 | 27.758 |
| ID | 55183 |
| Created | Mar 21, 2024 |
| Updated | Apr 25, 2024 |
| Risk |
|
| CVE ID | CVE-2023-3452 |
| Exploit Prediction Score | 0.15% |
| Default Action | drop |
| Active | |
| Affected OS | All |
| Affected App | PHP_app |