关键信息 漏洞名称: WordPress Nasa Core Plugin <= 6.3.2 is vulnerable to Local File Inclusion 优先级: High priority CVSS评分: 8.1 风险: This vulnerability is highly dangerous and expected to become mass exploited. 受影响版本: <= 6.3.2 修复状态: No official fix available 发布时间: 21 May 2025 by Patchstack 报告者: Bonds 时间线: - Reported by Bonds: 29 Jun 2025 - Early warning sent out to Patchstack customers: 21 May 2025 - Published by Patchstock: 23 May 2025 解决方案: Automatically mitigate vulnerabilities and keep your websites safe using Patchstack's virtual patch. 漏洞详情 类型: Local File Inclusion 描述: This could allow a malicious actor to include local files of the target website and show its output onto the screen. Files which store credentials, such as database credentials, could potentially allow complete database takeover depending on the configuration.