4 matches found
CVE-2023-5250 Grid Plus <= 1.3.3 - Authenticated (Subscriber+) Local File Inclusion via Shortcode
The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.3 via a shortcode attribute. This allows subscriber-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those file...
CVE-2023-5250
CVE-2023-5250 affects Grid Plus WordPress plugin up to version 1.3.2, with Local File Inclusion via a shortcode attribute. This allows subscriber-level and higher attackers to include and execute PHP code from server files (limited to .php files), potentially bypassing access controls or enabling...
CVE-2023-5250 Grid Plus <= 1.3.3 - Authenticated (Subscriber+) Local File Inclusion via Shortcode
The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.3 via a shortcode attribute. This allows subscriber-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those file...
WordPress Grid Plus Plugin <= 1.3.3 is vulnerable to Local File Inclusion
Software Grid Plus Type Plugin Vulnerable versions = 1.3.3 Fixed in 1.3.4 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-5250 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID a64dc6db3b2e Credits István Márton Required privilege Subscriber...