Impact
An unauthenticated user can trigger a Local File Inclusion vulnerability in the WordPress Integrio Core plugin before version 1.2.8. The flaw allows the attacker to read arbitrary files or potentially execute code by including local files through crafted input. This vulnerability is classified as CWE‑98, affecting confidentiality and potentially integrity of the site.
Affected Systems
The affected product is the WebGeniusLab Integrio Core WordPress plugin. All installations using version 1.2.7 or earlier are vulnerable. No specific minor versions are listed, so any release below 1.2.8 should be considered at risk.
Risk and Exploitability
The CVSS score is 8.1, indicating a high severity. The EPSS score is less than 1 %, suggesting a low likelihood of exploitation, and the vulnerability has not been listed in the CISA KEV catalog. The attack does not require authentication but relies on the plugin’s handling of local file paths, meaning the attacker must be able to send crafted requests to the vulnerable plugin endpoint. Given the high severity but low exploitation probability, administrators should prioritize patching but remain vigilant for any new indicators of exploitation.
OpenCVE Enrichment