Severity
High
Analysis Summary
CVE-2023-25995 CVSS:7.5
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in choicehomemortgage AI Mortgage Calculator allows PHP Local File Inclusion. This issue affects AI Mortgage Calculator: from n/a through 1.0.1.
CVE-2023-26003 CVSS:7.6
mproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vipul Jariwala WP Post Corrector allows SQL Injection. This issue affects WP Post Corrector: from n/a through 1.0.2.
Impact
- Gain Access
- Data Manipulation
Indicators of Compromise
CVE
CVE-2023-25995
CVE-2023-26003
Affected Vendors
- WordPress
Affected Products
- choicehomemortgage AI Mortgage Calculator - n/a
- vipul Jariwala WP Post Corrector - n/a
Remediation
Update the WordPress plugin to the latest available version.