VulnCheck KEV: CVE-2024-3809

The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.9 via the 'slideshowtype' post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...

CVE-2023-48739 WordPress Porto Theme Functionality plugin < 2.12.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Porto Theme Porto Theme - Functionality porto-functionality allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Porto Theme - Functionality: from n/a through 2.12.1...

WordPress Houzez Theme - Functionality plugin <= 3.2.2 - Authenticated (Seller+) SQL Injection vulnerability

WordPress Houzez Theme - Functionality plugin = 3.2.2 - Authenticated Seller+ SQL Injection vulnerability discovered by István Márton in WordPress Plugin Houzez Theme - Functionality versions = 3.2.2...

CVE-2024-3808

The Porto Theme – Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the ‘portoportfolios’ shortcode ‘portfoliolayout’ attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions,...

CVE-2024-3809 Porto Theme - Functionality <= 3.0.9 - Authenticated (Contributor+) Local File Inclusion via Post Meta

The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.9 via the 'slideshowtype' post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...

WordPress Porto Theme - Functionality plugin <= 3.1.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode/post meta vulnerability

WordPress Porto Theme - Functionality plugin = 3.1.0 - Authenticated Contributor+ Local File Inclusion via Shortcode/post meta vulnerability discovered by István Márton in WordPress Plugin Porto Theme - Functionality versions = 3.1.0...

CVE-2023-48738 WordPress Porto Theme - Functionality Plugin < 2.12.1 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Porto Theme Porto Theme - Functionality.This issue affects Porto Theme - Functionality: from n/a before 2.12.1...

WordPress Porto Theme - Functionality Plugin < 2.12.1 is vulnerable to Broken Access Control

Software Porto Theme - Functionality Type Plugin Vulnerable versions 2.12.1 Fixed in 2.12.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-48739 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID aa73939ac882 Credits Rafie...