From cdd36012f939817e9be0c880b74a2e6748816a09 Mon Sep 17 00:00:00 2001
From: Goby <50955360+gobysec@users.noreply.github.com>
Date: Wed, 21 Jun 2023 17:07:21 +0800
Subject: [PATCH] Create
 WordPress_Plugin_Extensive_VC_Addons_File_Inclusion_Vulnerability.md

add WordPress Plugin Extensive VC Addons File Inclusion Vulnerability
---
 ...tensive_VC_Addons_File_Inclusion_Vulnerability.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 WordPress_Plugin_Extensive_VC_Addons_File_Inclusion_Vulnerability.md

diff --git a/WordPress_Plugin_Extensive_VC_Addons_File_Inclusion_Vulnerability.md b/WordPress_Plugin_Extensive_VC_Addons_File_Inclusion_Vulnerability.md
new file mode 100644
index 0000000..710b036
--- /dev/null
+++ b/WordPress_Plugin_Extensive_VC_Addons_File_Inclusion_Vulnerability.md
@@ -0,0 +1,12 @@
+## WordPress Plugin Extensive VC Addons File Inclusion Vulnerability
+
+|   **Vulnerability**  | **WordPress Plugin Extensive VC Addons File Inclusion Vulnerability**  |
+| :----:   | :-----|
+| **Chinese name**  | WordPress Extensive VC Addons 插件 options[template] 文件包含漏洞 |
+| **CVSS core**  | 9.8 |
+| **FOFA Query**  (click to view the results directly)| [body="wp-content/plugins/extensive-vc-addon"](https://en.fofa.info/result?qbase64=Ym9keT0id3AtY29udGVudC9wbHVnaW5zL2V4dGVuc2l2ZS12Yy1hZGRvbiI%3D) |
+| **Number of assets affected**  | 2583 |
+| **Description**  | Extensive VC is a powerful WordPress tool which allows you to add unique, flexible and fully responsive shortcode elements on your site. xtensive VC Addons &lt; 1.9.1 is vulnerable to Local File Inclusion. |
+| **Impact** | Attackers can use this vulnerability to read the leaked source code, database configuration files, etc., resulting in an extremely insecure website. |
+
+![](https://s3.bmp.ovh/imgs/2023/06/21/10e1c4496ca1db1b.gif)