WordPress Plugin Amministrazione Aperta Local File Read Vulnerability

Vulnerability

A local file read vulnerability has been identified in the WordPress Plugin Amministrazione Aperta, version 3.7.3. This vulnerability allows unauthenticated attackers to read arbitrary files by exploiting inadequate input validation in the 'open' GET parameter of 'dispatcher.php'. Attackers can manipulate the 'open' parameter to include and access sensitive files that are accessible to the web server.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive files on the server.

Reproduction

To reproduce this vulnerability, send a GET request to 'dispatcher.php' within the 'wpgov' directory of the 'amministrazione-aperta' plugin. Include the 'open' parameter with a file path that points to a sensitive file accessible by the web server.
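The request described above leaves a recognizable entry in web server access logs. The following Python is an added example, not code from the advisory or from the plugin: it flags requests to the 'dispatcher.php' endpoint that carry an 'open' parameter and labels the decoded value. It assumes the common/combined access log format; the function names, labels, the 'wp-content/plugins' prefix and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path suffix from the advisory; the directory above it depends on the install.
ENDPOINT_SUFFIX = "/amministrazione-aperta/wpgov/dispatcher.php"
# Client, request target and status fields of the common/combined log format.
REQUEST_RE = re.compile(r'^(?P<client>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def classify_open_value(value):
    """Label an 'open' value. The categories are this example's own heuristics."""
    decoded = value
    for _ in range(3):  # parse_qs decoded once already; undo nested percent-encoding
        decoded = unquote(decoded)
    norm = decoded.replace("\\", "/")  # treat Windows separators like '/'
    if "://" in norm:
        return "stream-wrapper"
    if norm.startswith("/") or re.match(r"[A-Za-z]:/", norm):
        return "absolute-path"
    if ".." in norm.split("/"):
        return "traversal"
    return "open-param-present"

def scan(lines):
    """Return (client, status, label) for each endpoint request carrying 'open'."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not an access log line in the assumed format
        url = urlsplit(m["target"])
        if not unquote(url.path).lower().endswith(ENDPOINT_SUFFIX):
            continue  # some other script; the parameter name alone is not a signal
        for value in parse_qs(url.query, keep_blank_values=True).get("open", []):
            findings.append((m["client"], m["status"], classify_open_value(value)))
    return findings

# Constructed sample lines: documentation IP ranges and placeholder file names.
PLUGIN = "/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php"
SAMPLE_LOG = [
    f'192.0.2.10 - - [10/May/2026:13:30:01 +0000] "GET {PLUGIN}?open=..%2F..%2Fexample.txt HTTP/1.1" 200 312',
    f'192.0.2.10 - - [10/May/2026:13:30:04 +0000] "GET {PLUGIN}?open=%252Fsrv%252Fexample.txt HTTP/1.1" 200 87',
    f'198.51.100.7 - - [10/May/2026:13:31:10 +0000] "GET {PLUGIN}?open=example HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/May/2026:13:31:12 +0000] "GET /index.php?open=..%2Fexample.txt HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Because the advisory describes the flaw as reachable without authentication, any hit on this endpoint with a 2xx status and a path-like 'open' value is worth reviewing alongside the response size.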

Added: May 10, 2026, 1:24 PM
Updated: May 10, 2026, 1:24 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 2.5
exploitability: 9.7
remediation: 0.0
relevance: 7.9
threat: 6.4
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.