3 matches found
WordPress Clean Login <= 1.14.5 Authenticated (Contributor+) - Local File Inclusion
The Clean Login plugin for WordPress up to version 1.14.5 contains a path traversal caused by the 'template' attribute in the clean-login-register shortcode, letting authenticated attackers with contributor access include and execute arbitrary files, exploit requires attacker to have contributor ...
CVE-2024-8252
creationtimestamp| type| source ---|---|--- 2024-08-30 13:08:36+00:00| seen| https://t.me/cvedetector/4511 2026-04-08 08:56:40+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-8252.yaml 2026-04-10 21:03:07+00:00| seen|...
CVE-2024-8252 Clean Login <= 1.14.5 - Authenticated (Contributor+) Local File Inclusion
The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.14.5 via the 'template' attribute of the clean-login-register shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and...