• elenis r.

    (@elenis1517)


    I received this message from “Solid Security – Site Scan”

    Known Vulnerabilities

    WordPress Graphina <= 3.1.1 – Local File Inclusion Vulnerability

    How can I fix this vulnerability?

Viewing 1 replies (of 1 total)
  • Plugin Author Iqonic Design

    (@iqonicdesign)

    Hello @elenis1517,
    Thank you for reporting this. We have already fixed the Local File Inclusion vulnerability in the latest update.

    For example, in includes/Admin/GraphinaAdminMenu.php we have added strict sanitization and whitelisting to prevent unsafe file inclusion:

    /**
     * Get the current active tab.
     *
     * @return string Active tab slug. Defaults to 'setting' if not set.
     */
    private static function get_current_tab() {
        $current_tab = isset( $_GET['activetab'] ) ? sanitize_text_field( $_GET['activetab'] ) : 'setting';
        $allowed_tabs = array( 'setting', 'elements', 'database', 'free-vs-pro' );
        if ( ! in_array( $current_tab, $allowed_tabs, true ) ) {
            $current_tab = 'setting';
        }
        return $current_tab;
    }
    

    This ensures only whitelisted tabs can be accessed and prevents Local File Inclusion issues.

    We recommend updating to the latest version to apply the fix.

    Thank you for your patience and for helping us improve security.

    Best regards
    Iqonic Design
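
An added example, not part of the reply above and not Graphina's code: it shows the allowlist from `get_current_tab()` paired with a canonical-path containment check at the point where a tab slug would select a file. The helper `resolve_tab_template()`, the one-file-per-tab layout and the temporary directory are assumptions made for illustration, and the script runs as plain PHP without WordPress.

```php
<?php
// Added example. The tab slugs come from the reply above; everything else is assumed.
const ALLOWED_TABS = array( 'setting', 'elements', 'database', 'free-vs-pro' );

/**
 * Hypothetical helper: map a request value to a template file, or null.
 * The plugin's real include logic is not shown on this page.
 */
function resolve_tab_template( $requested, $base_dir ) {
    // 1. Strict allowlist: the request value only ever selects a known slug.
    //    Non-strings (e.g. ?activetab[]=x) and near-misses fall back to the default.
    $tab = ( is_string( $requested ) && in_array( $requested, ALLOWED_TABS, true ) )
        ? $requested
        : 'setting';

    // 2. Defense in depth: canonicalise the path and confirm it stays in $base_dir.
    $base = realpath( $base_dir );
    if ( false === $base ) {
        return null;
    }
    $path = realpath( $base . DIRECTORY_SEPARATOR . $tab . '.php' );
    if ( false === $path || 0 !== strpos( $path, $base . DIRECTORY_SEPARATOR ) ) {
        return null; // template missing or resolved outside the directory
    }
    return $path;
}

// Constructed sandbox: one stub template per allowed tab in a temp directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tabs-demo-' . getmypid();
if ( ! is_dir( $base ) ) {
    mkdir( $base );
}
foreach ( ALLOWED_TABS as $slug ) {
    file_put_contents( $base . DIRECTORY_SEPARATOR . $slug . '.php', "<?php // stub\n" );
}

// Constructed request values: valid, wrong case, unknown, traversal-shaped, array.
$samples = array( 'elements', 'Elements', 'nope', '../../wp-config', array( 'elements' ) );
foreach ( $samples as $value ) {
    $resolved = resolve_tab_template( $value, $base );
    $label    = json_encode( $value, JSON_UNESCAPED_SLASHES );
    printf( "%-20s => %s\n", $label, null === $resolved ? 'rejected' : basename( $resolved ) );
}

// Remove the sandbox.
array_map( 'unlink', glob( $base . DIRECTORY_SEPARATOR . '*.php' ) );
rmdir( $base );
```

Only the exact slug `elements` resolves to `elements.php`; every other sample falls back to `setting.php`, so the request value never becomes part of a file path.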


The topic ‘Known Vulnerabilities’ is closed to new replies.