2271 matches found
CVE-2024-48180
CVE-2024-48180 affects ClassCMS versions ≤ 4.8. The issue is a file inclusion in the nowView method of /class/cms/cms.php, which can include a file uploaded to /class/template, allowing PHP code execution. Documented impact indicates high confidentiality, integrity, and availability impact with a...
CVE-2024-48180
ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in /class/cms/cms.php, which can include a file uploaded to the /class/template directory to execute PHP code...
ViciDial 2.0.5 Cross Site Request Forgery
Title: ViciDial Call Center - astguiclient - thirtieth public release 2.0.5 CSRF Add Admin Vulnerability | Author: indoushka | Tested on: windows ...
CVE-2024-7149
CVE-2024-7149 — The Event Manager/Events Calendar/Tickets/Registrations – Eventin WordPress plugin (
SPIP BigUp Plugin Unauthenticated RCE
This module exploits a Remote Code Execution vulnerability in the BigUp plugin of SPIP. The vulnerability lies in the listerfichiersparchamps function, which is triggered when the bigupretrouverfichiers parameter is set to any value. By exploiting the improper handling of multipart form data in...
Prison Management System 1.0 Add Administrator
Title: Prison Management System v1.0 Add Admin Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0.3...
CVE-2024-7950 WP Job Portal <= 2.1.6 - Missing Authorization to Unauthenticated Local File Inclusion, Arbitrary Settings Update, and User Creation
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary Settings Update, and User Creation in all versions up to, and including, 2.1.6 via several functions called by the 'checkFormRequest' function...
CVE-2024-6459
The News Element Elementor Blog Magazine WordPress plugin before 1.0.6 is vulnerable to Local File Inclusion via the template parameter. This makes it possible for an unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files...
CVE-2024-6459
CVE-2024-6459 affects the News Element Elementor Blog Magazine WordPress plugin (versions prior to 1.0.6). It exposes a Local File Inclusion flaw via the template parameter, allowing an unauthenticated attacker to include and execute PHP files on the server, effectively enabling arbitrary PHP cod...
CVE-2024-7145 JetElements <= 2.6.20 - Authenticated (Contributor+) Arbitrary Local File Inclusion
The JetElements plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.20 via the 'progress_type' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the...
CVE-2024-7145
CVE-2024-7145: JetElements (WordPress) is vulnerable to authenticated Local File Inclusion via the progress_type parameter in versions up to 2.6.20. Exploitation allows an authenticated attacker (Contributor+ level) to include and execute arbitrary PHP files on the server, bypassing some access ...
CVE-2024-7146
CVE-2024-7146 affects JetTabs for Elementor (WordPress plugin) up to v2.2.3. It allows authenticated users with Contributor-level access and above to perform Local File Inclusion via the switcher_preset parameter, enabling inclusion/execution of arbitrary PHP code on the server and potentially b...
CVE-2024-6589 LearnPress <= 4.2.6.8.2 - Authenticated (Contributor+) Local File Inclusion
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.6.8.2 via the 'rendercontentblocktemplate' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include a...
CVE-2024-6164
The Filter & Grids WordPress plugin before 2.8.33 is vulnerable to Local File Inclusion via the post_layout parameter. This makes it possible for an unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files...
CVE-2024-6164
CVE-2024-6164 affects the WordPress plugin “Filter & Grids” (ymc-smart-filter). The vulnerability is a Local File Inclusion via the post_layout parameter, allowing an unauthenticated attacker to include and execute PHP code on the server. This directly enables arbitrary PHP execution through the ...
CVE-2024-6467
The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpress_save_lite_wizard_settings_func' function. This makes it possible fo...
CVE-2024-6467
BookingPress (Appointment Booking Calendar & Scheduling plugin for WordPress) is affected by CVE-2024-6467 and related disclosures. The vulnerability stems from the function bookingpress_save_lite_wizard_settings_func() which saves wizard settings without proper capability checks, and with a publ...
Exploit for OS Command Injection in Dolibarr Dolibarr_Erp/Crm
DolibabyPhp An authenticated RCE exploit for Dolibarr ERP/CRM...
CVE-2024-5456 Panda Video <= 1.4.0 - Authenticated (Contributor+) Local File Inclusion
The Panda Video plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.0 via the 'selectedbutton' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the...
PT-2024-20120 · Livemesh · Elementor Addons
Name of the Vulnerable Software and Affected Versions: Elementor Addons by Livemesh plugin for WordPress versions up to, and including, 8.3.7 Description: The issue allows authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server throug...