Lucene search
+L

77 matches found

githubexploit
githubexploit
added 2026/03/03 10:5 a.m.195 views

Exploit for CVE-2023-3452

CVE-2023-3452 - WordPress Canto Plugin RCE Exploit for the Wo...

9.8CVSS6AI score0.0562EPSS
Exploits7
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-21360

Malware in sbrugna...

5.3CVSS5.3AI score0.15254EPSS
Exploits3References7
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-21361

Malware in sbrugna...

5.3CVSS5.3AI score0.15254EPSS
Exploits3References7
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-16799

Malware in sbrugna...

7.2CVSS7AI score0.01446EPSS
Exploits0References5
redhatcve
redhatcve
added 2025/05/23 2:15 a.m.12 views

CVE-2023-3452

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wpabspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allowurlinclude is enabled. Local File...

9.8CVSS8.1AI score0.0562EPSS
Exploits7References1
redhatcve
redhatcve
added 2025/05/22 4:36 p.m.14 views

CVE-2020-28978

The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/tree.php?subdomain=SSRF...

5.3CVSS7AI score0.15254EPSS
Exploits3
redhatcve
redhatcve
added 2025/05/22 3:21 p.m.6 views

CVE-2020-24063

The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF...

7.2CVSS7.1AI score0.01446EPSS
Exploits0
redhatcve
redhatcve
added 2025/02/05 12:9 a.m.9 views

CVE-2024-4936

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required allowurlinclude to be...

9.8CVSS7.4AI score0.01027EPSS
Exploits0References1
nvd
nvd
added 2024/06/14 5:15 a.m.37 views

CVE-2024-4936

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required allowurlinclude to be...

9.8CVSS0.01027EPSS
Exploits0References3
osv
osv
added 2024/06/14 5:15 a.m.5 views

CVE-2024-4936

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required allowurlinclude to be...

9.8CVSS5.7AI score0.01027EPSS
Exploits0References2
euvd
euvd
added 2024/06/14 4:36 a.m.4 views

EUVD-2024-44502

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required allowurlinclude to be...

9.8CVSS6.9AI score0.01027EPSS
Exploits0References2
cve
cve
added 2024/06/14 4:36 a.m.74 views

CVE-2024-4936

CVE-2024-4936 affects the Canto WordPress plugin (versions ≤ 3.0.8). It allows unauthenticated Remote File Inclusion via the abspath parameter, requiring allow_url_include to be enabled to exploit, leading to potential code execution. Remediation per connected docs: upgrade to a version newer tha...

9.8CVSS9.7AI score0.01027EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2024/06/14 4:36 a.m.209 views

CVE-2024-4936 Canto <= 3.0.8 - Unauthenticated Remote File Inclusion

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required allowurlinclude to be...

9.8CVSS0.01027EPSS
Exploits0References3
patchstack
patchstack
added 2024/06/14 2:54 a.m.7 views

Wordpress Canto plugin <= 3.0.8 - Unauthenticated Remote File Inclusion vulnerability

Unauthenticated Remote File Inclusion vulnerability discovered by Sushi Com Abacate in WordPress Plugin Canto versions = 3.0.8...

9.8CVSS7.1AI score0.01027EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2024/06/14 12:0 a.m.11 views

PT-2024-33483 · WordPress · Canto

Name of the Vulnerable Software and Affected Versions: Canto plugin for WordPress versions up to, and including, 3.0.8 Description: The issue allows unauthenticated attackers to include remote files on the server, resulting in code execution. This is achieved via the abspath parameter and require...

9.8CVSS7.8AI score0.01027EPSS
Exploits0References6
cnnvd
cnnvd
added 2024/06/14 12:0 a.m.5 views

WordPress plugin Canto security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

9.8CVSS6.8AI score0.01027EPSS
Exploits0References3
patchstack
patchstack
added 2024/06/14 12:0 a.m.14 views

WordPress Canto Plugin <= 3.0.8 is vulnerable to Local File Inclusion

Software Canto Type Plugin Vulnerable versions = 3.0.8 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-4936 Patch priority Low CVSS severity Low 9.8 Developer Claim ownership PSID becb06bae3de Credits Sushi Com Abacate Required privilege Unauthenticated...

9.8CVSS6.8AI score0.01027EPSS
Exploits0References3Affected Software1
vulnrichment
vulnrichment
added 2024/04/03 12:18 p.m.43 views

CVE-2024-25096 WordPress canto plugin <= 3.0.7 - Unauth. Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Canto Inc. Canto allows Code Injection.This issue affects Canto: from n/a through 3.0.7...

10CVSS9.6AI score0.00687EPSS
Exploits2References1
cnnvd
cnnvd
added 2024/04/03 12:0 a.m.13 views

WordPress Plugin Canto 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

10CVSS8.3AI score0.00687EPSS
Exploits2References2
packetstorm
packetstorm
added 2024/02/27 12:0 a.m.324 views

WordPress Canto Remote Shell Upload

Exploit Title: Wordpress Plugin Canto " def createadminfilelocaldir, localshell=None: if not os.path.exis...

9.8CVSS7.4AI score0.0562EPSS
Exploits7
Rows per page
Query Builder