3 matches found
CVE-2024-3812 Salient Core <= 2.0.7 - Authenticated (Contributor+) Local File Inclusion via Shortcode
The Salient Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.7 via the 'nectaricon' shortcode 'iconlinea' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...
CVE-2024-3812 Salient Core <= 2.0.7 - Authenticated (Contributor+) Local File Inclusion via Shortcode
The Salient Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.7 via the 'nectaricon' shortcode 'iconlinea' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...
CVE-2024-3812
CVE-2024-3812 affects Salient Core for WordPress up to version 2.0.7, enabling Local File Inclusion via the nectar_icon shortcode (icon_linea attribute). Exploitation requires authenticated access at contributor level or higher, potentially allowing arbitrary PHP file execution and data access. P...