Primary

Context

BizCalendar Web Local File Inclusion Vulnerability for WordPress

Vulnerability

A local file inclusion vulnerability has been identified in the BizCalendar Web plugin for WordPress, affecting all versions through 1.1.0.50. The vulnerability arises in the 'bizcalv' shortcode, allowing authenticated attackers with Contributor-level access and above to include and execute arbitrary files on the server. This exploitation can bypass access controls, access sensitive data, or execute PHP code from included files, particularly when 'safe' file types like images can be uploaded and referenced.

Impact

Exploitation of this vulnerability could lead to unauthorized file inclusion, execution of malicious PHP code on the server, and potential bypassing of access controls.

Remediation

No known patch is available. Users are advised to review the vulnerability details and consider uninstalling the affected plugin.

Added: Aug 15, 2025, 9:26 AM

Updated: Aug 15, 2025, 9:26 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

5.2

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

5.2

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

BizCalendar Web Local File Inclusion Vulnerability for WordPress

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating