WordPress Plugin WP with Spritz Remote File Inclusion Vulnerability
Vulnerability
A remote file inclusion vulnerability has been identified in the WordPress Plugin WP with Spritz, version 1.0. This vulnerability allows unauthenticated attackers to read arbitrary files by injecting file paths into the 'url' parameter. Exploitation involves sending GET requests to 'wp.spritz.content.filter.php' with malicious 'url' values, potentially accessing sensitive files such as system configuration and credentials.
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive files, including system configuration and credentials.
Reproduction
To reproduce this vulnerability, send a GET request to 'wp.spritz.content.filter.php' with a crafted 'url' parameter that points to an arbitrary file, such as '/etc/passwd'. The server will respond with the contents of the specified file, demonstrating the file inclusion vulnerability.
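For detection, the request shape described above can be searched for in web server access logs. The following is an added example, not code from the plugin or from this advisory; it assumes combined-format access logs, and the sample log lines, IP addresses and the PLUGIN_DIR path segment are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

TARGET = "wp.spritz.content.filter.php"  # script named in the advisory
# Combined log format: ip, ident, user, [time], "METHOD target PROTO", status, ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample lines (not real traffic); PLUGIN_DIR is a placeholder.
SAMPLE = [
    '203.0.113.7 - - [10/Jan/2024:10:00:00 +0000] "GET /wp-content/plugins/PLUGIN_DIR/wp.spritz.content.filter.php?url=/etc/passwd HTTP/1.1" 200 1432 "-" "-"',
    '198.51.100.9 - - [10/Jan/2024:10:00:05 +0000] "GET /wp-content/plugins/PLUGIN_DIR/wp.spritz.content.filter.php?url=%252Fetc%252Fpasswd HTTP/1.1" 404 210 "-" "-"',
    '192.0.2.44 - - [10/Jan/2024:10:01:00 +0000] "GET /wp-content/plugins/PLUGIN_DIR/wp.spritz.content.filter.php?url=https%3A%2F%2Fexample.org%2Fpost HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.44 - - [10/Jan/2024:10:02:00 +0000] "GET /index.php?url=/etc/passwd HTTP/1.1" 200 900 "-" "-"',
]

def classify(value):
    """Classify a 'url' value after undoing nested percent-encoding."""
    prev = None
    while prev != value:  # decode until stable, e.g. %252F -> %2F -> /
        prev, value = value, unquote(value)
    v = value.lower()
    if re.match(r'^[a-z][a-z0-9+.\-]*://', v):
        return "local-file" if v.startswith("file://") else "remote-url"
    if v.startswith("/") or "../" in v or "..\\" in v:
        return "local-file"
    return "other"

def scan(lines):
    """Return (client_ip, classification, http_status) per 'url' value sent to TARGET."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        ip, method, target, status = m.groups()
        parts = urlsplit(target)
        if method != "GET" or not parts.path.lower().endswith("/" + TARGET):
            continue
        for value in parse_qs(parts.query, keep_blank_values=True).get("url", []):
            findings.append((ip, classify(value), int(status)))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A "local-file" finding with status 200 is the highest-priority case to review, since it indicates the server answered a request for a filesystem path.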
