2 matches found
CVE-2024-3849
CVE-2024-3849 concerns the Click to Chat – HoliThemes WordPress plugin (up to 3.35). The issue is Local File Inclusion, allowing authenticated users with contributor+ rights to include/execute PHP files on the server, bypassing some access controls and potentially leading to code execution. Affec...
WordPress Click to Chat Plugin <= 3.35 is vulnerable to Local File Inclusion
Software Click to Chat Type Plugin Vulnerable versions = 3.35 Fixed in 4.0 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3849 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 3a9b57b69a7e Credits haidv35 from Viettel Cyber Security Required...