3 matches found
CVE-2024-4441 XML Sitemap & Google News <= 5.4.8 - Unauthenticated Local File Inclusion
The XML Sitemap & Google News plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.8 via the 'feed' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any P...
CVE-2024-4441
CVE-2024-4441 affects the WordPress plugin XML Sitemap & Google News. The vulnerability is Local File Inclusion via the feed parameter in all versions up to 5.4.8, allowing unauthenticated attackers to include and execute arbitrary server-side files (PHP) and potentially bypass access controls or...
WordPress XML Sitemap & Google News Plugin <= 5.4.8 is vulnerable to Local File Inclusion
Software XML Sitemap & Google News Type Plugin Vulnerable versions = 5.4.8 Fixed in 5.4.9 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-4441 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID c001486d4aed Credits Foxyyy Required privilege...