CVE-2025-0682 ThemeREX Addons <= 2.33.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode

The ThemeREX Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.0 via the 'trxscreviews' shortcode 'type' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...

WordPress plugin ThemeREX Addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-13408

The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' attribute of the pgcu shortcode. This makes it possible for authenticated attacker...

CVE-2024-13545 Bootstrap Ultimate <= 1.4.9 - Unauthenticated Limited Local File Inclusion

The Bootstrap Ultimate theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.9 via the path parameter. This makes it possible for unauthenticated attackers to include PHP files on the server, allowing the execution of any PHP code in those files. This...

PT-2025-2162 · WordPress · Post Grid

Name of the Vulnerable Software and Affected Versions: Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress versions up to, and including, 1.6.10 Description: The issue allows authenticated attackers, with Contributor-level access and...

CVE-2024-13593

CVE-2024-13593 affects the WordPress plugin “BMLT Meeting Map” (versions ≤ 2.6.0). The vulnerability is a Local File Inclusion via the short code “bmlt_meeting_map.” It permits authenticated users with Contributor-level access or higher to include and execute arbitrary PHP files on the server, en...

CVE-2024-13593 BMLT Meeting Map <= 2.6.0 - Authenticated (Contributor+) Local File Inclusion

The BMLT Meeting Map plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.0 via the 'bmltmeetingmap' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on th...

BIT-PHP-MIN-2024-4577 Argument Injection in PHP-CGI

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...

Exploit for PHP Remote File Inclusion in Ays-Pro Chartify

CVE-2024-10571 Chartify – WordPress Chart Plugin = 2.9.5 - Un...

CVE-2024-13297 Eloqua - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-063

Deserialization of Untrusted Data vulnerability in Drupal Eloqua allows Object Injection.This issue affects Eloqua: from 7.X- before 7.X-1.15...

CVE-2024-13297 Eloqua - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-063

Deserialization of Untrusted Data vulnerability in Drupal Eloqua allows Object Injection.This issue affects Eloqua: from 7.X- before 7.X-1.15...

CVE-2024-13297

CVE-2024-13297 describes a deserialization of untrusted data vulnerability in the Drupal Eloqua integration/module, allowing PHP object injection that could lead to arbitrary code execution. Affected: Eloqua versions 7.X-* before 7.X-1.15 (via the Eloqua Drupal module). The issue is surfaced in t...

CVE-2024-13296 Mailjet - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-062

Deserialization of Untrusted Data vulnerability in Drupal Mailjet allows Object Injection.This issue affects Mailjet: from 0.0.0 before 4.0.1...

CVE-2024-13296

CVE-2024-13296 describes a Deserialization of Untrusted Data vulnerability in the Drupal Mailjet module, enabling Object Injection. Affected versions are Mailjet 0.0.0 up to (but not including) 4.0.1. The root cause is insecure deserialization within the Mailjet Drupal module, potentially allowin...

CVE-2024-13295 Node export - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-061

Deserialization of Untrusted Data vulnerability in Drupal Node export allows Object Injection.This issue affects Node export: from 7.X- before 7.X-3.3...

CVE-2024-13294 POST File - Critical - Cross Site Scripting, Arbitrary PHP code execution - SA-CONTRIB-2024-060

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal POST File allows Cross-Site Scripting XSS.This issue affects POST File: from 0.0.0 before 1.0.2...

CVE-2024-13294 POST File - Critical - Cross Site Scripting, Arbitrary PHP code execution - SA-CONTRIB-2024-060

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal POST File allows Cross-Site Scripting XSS.This issue affects POST File: from 0.0.0 before 1.0.2...

CVE-2024-13294

CVE-2024-13294 concerns the Drupal POST File module, where improper neutralization of input during web page generation enables Cross-Site Scripting (XSS). Affected versions are 0.0.0 through 1.0.2. The root cause is input handling in the POST File endpoint; exploitation could permit user-controll...

CVE-2024-13288 Monster Menus - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-052

Deserialization of Untrusted Data vulnerability in Drupal Monster Menus allows Object Injection.This issue affects Monster Menus: from 0.0.0 before 9.3.4, from 9.4.0 before 9.4.2...

CVE-2024-13268 Opigno - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-032

Improper Neutralization of Directives in Statically Saved Code 'Static Code Injection' vulnerability in Drupal Opigno allows PHP Local File Inclusion.This issue affects Opigno: from 7.X-1.0 before 7.X-1.23...