3 matches found
CVE-2024-6228
The Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server-side file inclusion path, allowing authenticated users with subscriber-level access and above to include and execute arbitrary local PHP files on t...
CVE-2024-6228
creationtimestamp| type| source ---|---|--- 2026-07-06 08:04:18+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpxmwcsanv27 2026-07-09 00:32:11+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mq6f2nevl622...
CVE-2024-6228
The Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server-side file inclusion path, allowing authenticated users with subscriber-level access and above to include and execute arbitrary local PHP files on t...