What is GHSA-6g8q-459m-mrmm?

GHSA-6g8q-459m-mrmm is a security advisory published by GitHub Security Advisories with Medium severity. Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability...

Which CVE IDs does GHSA-6g8q-459m-mrmm cover?

GHSA-6g8q-459m-mrmm covers the following CVE IDs: CVE-2018-25324. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-6g8q-459m-mrmm?

GHSA-6g8q-459m-mrmm has a CVSS v3 base score of 6.2, published by GitHub Security Advisories.

GHSA-6g8q-459m-mrmmMediumCVSS 6.2

Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability...

Vendor

GitHub Security Advisories

Published

May 17, 2026

Last Modified

May 17, 2026

🔗 CVE IDs covered (1)

CVE-2018-25324 →

📋 Description

Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting null bytes into the wp_abspath parameter on PHP versions before 5.3.4. Attackers can supply malicious wp_abspath values to simple_fields.php to include files like /etc/passwd or inject PHP code into Apache logs for remote code execution when allow_url_include is enabled.

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2018-25324
https://downloads.wordpress.org/plugin/simple-fields.0.3.5.zip
https://www.exploit-db.com/exploits/44425
https://www.vulncheck.com/advisories/simple-fields-local-file-inclusion-via-wp-abspath
http://simple-fields.com
https://github.com/advisories/GHSA-6g8q-459m-mrmm