Description
pub/sns.php in the W3 Total Cache plugin before 0.9.4 for WordPress allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data.
Remediation
References
Related Vulnerabilities
MyBB Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-41362)
PHP Numeric Errors Vulnerability (CVE-2007-1001)
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-9933)
WordPress Plugin Testimonial-Best Testimonial Slider Cross-Site Scripting (2.1.6)