Lucene search
HistoryAug 16, 2024 - 6:15 a.m.
CVE-2024-6460
cve-2024-6460
tradedoubler
wordpress
local file inclusion
php files
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
9.5%
The Grow by Tradedoubler WordPress plugin through 2.0.21 is vulnerable to Local File Inclusion via the component parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files.
Related
cvelist
cvelist
CVE-2024-6460 Grow by Tradedoubler <= 2.0.21 - Unauthenticated LFI
2024-08-16 06:00:02
cve
cve
CVE-2024-6460
2024-08-16 06:15:04
vulnrichment
vulnrichment
CVE-2024-6460 Grow by Tradedoubler <= 2.0.21 - Unauthenticated LFI
2024-08-16 06:00:02
wordfence
wordfence
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
9.5%
Related for NVD:CVE-2024-6460