CVE-2024-3849

The Click to Chat – HoliThemes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.35. This makes it possible for authenticated attackers, with contributor access or above, to include and execute arbitrary files on the server, allowing the execution ...

CVE-2024-3849 Click to Chat – HoliThemes <= 3.35 - Authenticated (Contributor+) Local File Inclusion

The Click to Chat – HoliThemes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.35. This makes it possible for authenticated attackers, with contributor access or above, to include and execute arbitrary files on the server, allowing the execution ...

CVE-2024-3849

CVE-2024-3849 concerns the Click to Chat – HoliThemes WordPress plugin (up to 3.35). The issue is Local File Inclusion, allowing authenticated users with contributor+ rights to include/execute PHP files on the server, bypassing some access controls and potentially leading to code execution. Affec...

WordPress plugin HoliThemes 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...