3 matches found
CVE-2024-5456
The Panda Video plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.0 via the 'selectedbutton' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the...
CVE-2024-5456 Panda Video <= 1.4.0 - Authenticated (Contributor+) Local File Inclusion
The Panda Video plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.0 via the 'selectedbutton' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the...
WordPress Panda Video Plugin <= 1.4.0 is vulnerable to Local File Inclusion
Software Panda Video Type Plugin Vulnerable versions = 1.4.0 Fixed in N/A OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-5456 Patch priority Low CVSS severity Low 7.4 Developer Claim ownership PSID 9ec2e6282ba7 Credits stealthcopter Required privilege Contributor...