77 matches found
Exploit for CVE-2023-3452
CVE-2023-3452 - WordPress Canto Plugin RCE Exploit for the Wo...
EUVD-2020-21360
Malware in sbrugna...
EUVD-2020-21361
Malware in sbrugna...
EUVD-2020-16799
Malware in sbrugna...
CVE-2023-3452
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wpabspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allowurlinclude is enabled. Local File...
CVE-2020-28978
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/tree.php?subdomain=SSRF...
CVE-2020-24063
The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF...
CVE-2024-4936
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required allowurlinclude to be...
CVE-2024-4936
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required allowurlinclude to be...
CVE-2024-4936
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required allowurlinclude to be...
EUVD-2024-44502
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required allowurlinclude to be...
CVE-2024-4936
CVE-2024-4936 affects the Canto WordPress plugin (versions ≤ 3.0.8). It allows unauthenticated Remote File Inclusion via the abspath parameter, requiring allow_url_include to be enabled to exploit, leading to potential code execution. Remediation per connected docs: upgrade to a version newer tha...
CVE-2024-4936 Canto <= 3.0.8 - Unauthenticated Remote File Inclusion
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required allowurlinclude to be...
Wordpress Canto plugin <= 3.0.8 - Unauthenticated Remote File Inclusion vulnerability
Unauthenticated Remote File Inclusion vulnerability discovered by Sushi Com Abacate in WordPress Plugin Canto versions = 3.0.8...
PT-2024-33483 · WordPress · Canto
Name of the Vulnerable Software and Affected Versions: Canto plugin for WordPress versions up to, and including, 3.0.8 Description: The issue allows unauthenticated attackers to include remote files on the server, resulting in code execution. This is achieved via the abspath parameter and require...
WordPress plugin Canto security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress Canto Plugin <= 3.0.8 is vulnerable to Local File Inclusion
Software Canto Type Plugin Vulnerable versions = 3.0.8 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-4936 Patch priority Low CVSS severity Low 9.8 Developer Claim ownership PSID becb06bae3de Credits Sushi Com Abacate Required privilege Unauthenticated...
CVE-2024-25096 WordPress canto plugin <= 3.0.7 - Unauth. Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in Canto Inc. Canto allows Code Injection.This issue affects Canto: from n/a through 3.0.7...
WordPress Plugin Canto 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
WordPress Canto Remote Shell Upload
Exploit Title: Wordpress Plugin Canto " def createadminfilelocaldir, localshell=None: if not os.path.exis...