7212 matches found

NVD
added 2024/11/09 8:15 a.m., 14 views

CVE-2024-10871

The Category Ajax Filter plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.8.2 via the 'paramscaf-post-layout' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...

9.8 CVSS, 0.00765 EPSS
Exploits: 0, References: 3
CVE
added 2024/11/09 7:35 a.m., 62 views

CVE-2024-10871

The CVE-2024-10871 issue affects the WordPress plugin Category Ajax Filter (

9.8 CVSS, 9.8 AI score, 0.00765 EPSS
Exploits: 0, References: 3
CVE
added 2024/10/29 9:31 a.m., 53 views

CVE-2024-10436

CVE-2024-10436 affects the WPC Smart Messages for WooCommerce WordPress plugin, with Local File Inclusion via the get_condition_value function in all versions up to and including 4.2.1. Authenticated attackers with Subscriber-level access or higher can include and execute arbitrary PHP files on t...

8.8 CVSS, 8.9 AI score, 0.00725 EPSS
Exploits: 0, References: 4
CNNVD
added 2024/10/29 12:0 a.m., 2 views

WordPress plugin WPC Smart Messages for WooCommerce security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

8.8 CVSS, 6.8 AI score, 0.00725 EPSS
Exploits: 0, References: 4
NVD
added 2024/10/28 6:15 a.m., 16 views

CVE-2024-9162

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to arbitrary PHP Code Injection due to missing file type validation during the export in all versions up to, and including, 7.86. This makes it possible for authenticated attackers, with Administrator-level access and above...

7.2 CVSS, 0.02668 EPSS
Exploits: 1, References: 5
Vulnrichment
added 2024/10/28 5:32 a.m., 12 views

CVE-2024-9162 All-in-One WP Migration and Backup <= 7.86 - Authenticated (Administrator+) Arbitrary PHP Code Injection

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to arbitrary PHP Code Injection due to missing file type validation during the export in all versions up to, and including, 7.86. This makes it possible for authenticated attackers, with Administrator-level access and above...

7.2 CVSS, 7.4 AI score, 0.02668 EPSS
Exploits: 1, References: 5
Cvelist
added 2024/10/28 5:32 a.m., 25 views

CVE-2024-9162 All-in-One WP Migration and Backup <= 7.86 - Authenticated (Administrator+) Arbitrary PHP Code Injection

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to arbitrary PHP Code Injection due to missing file type validation during the export in all versions up to, and including, 7.86. This makes it possible for authenticated attackers, with Administrator-level access and above...

7.2 CVSS, 0.02668 EPSS
Exploits: 1, References: 5
NVD
added 2024/10/26 9:15 a.m., 6 views

CVE-2024-8392

The WordPress Post Grid Layouts with Pagination – Sogrid plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.6 via the 'tab' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and...

7.2 CVSS, 0.00665 EPSS
Exploits: 0, References: 3
Packet Storm
added 2024/10/17 12:0 a.m., 400 views

SofaWiki 3.9.2 Shell Upload

Exploit Title: SofaWiki 3.9.2 - Remote Code Execution RCE via Open Ticket File Upload Date: 10/17/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.sofawiki.com Software Link: https://www.sofawiki.com/site/files/snapshot.zip Version: 3.9.2 Tested on: Windows XP Summary: A remote co...

7.4 AI score
Exploits: 0
NVD
added 2024/10/16 9:15 p.m., 15 views

CVE-2024-48180

ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in /class/cms/cms.php, which can include a file uploaded to the /class/template directory to execute PHP code...

9.8 CVSS, 0.00594 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2024/10/16 12:0 a.m., 7 views

CVE-2024-48180

ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in /class/cms/cms.php, which can include a file uploaded to the /class/template directory to execute PHP code...

7.1 AI score, 0.00594 EPSS
Exploits: 0, References: 1
CVE
added 2024/10/16 12:0 a.m., 50 views

CVE-2024-48180

CVE-2024-48180 affects ClassCMS versions ≤ 4.8. The issue is a file inclusion in the nowView method of /class/cms/cms.php, which can include a file uploaded to /class/template, allowing PHP code execution. Documented impact indicates high confidentiality, integrity, and availability impact with a...

9.8 CVSS, 7.4 AI score, 0.00594 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2024/10/16 12:0 a.m., 13 views

CVE-2024-48180

ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in /class/cms/cms.php, which can include a file uploaded to the /class/template directory to execute PHP code...

0.00594 EPSS
Exploits: 0, References: 1
GithubExploit
added 2024/10/10 9:29 p.m., 367 views

Exploit for CVE-2024-9441

CVE-2024-9441 Description of the Vulnerability: This code exp...

9.8 CVSS, 8.3 AI score, 0.53697 EPSS
Exploits: 3
Vulnrichment
added 2024/10/07 8:40 p.m., 16 views

CVE-2024-43363 Remote code execution via Log Poisoning in Cacti

Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process completing only step 5 of the installation process is enough, no need to complete the steps before or after it to...

7.2 CVSS, 7.7 AI score, 0.35809 EPSS
Exploits: 2, References: 1
Cvelist
added 2024/10/05 10:53 a.m., 27 views

CVE-2024-44014 WordPress Vmax Project Manager plugin <= 1.0 - Local File Inclusion to RCE vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Vmax Studio Vmax Project Manager vmax-project-manager allows PHP Local File Inclusion. This issue affects Vmax Project Manager: from n/a through <= 1.0...

9.6 CVSS, 0.00545 EPSS
Exploits: 0, References: 1
Packet Storm
added 2024/10/03 12:0 a.m., 351 views

ViciDial 2.0.5 Cross Site Request Forgery

Title: ViciDial Call Center - astguiclient - thirtieth public release 2.0.5 CSRF Add ADmin Vulnerability | Author: indoushka | Tested on: windows ...

7.4 AI score
Exploits: 0
GithubExploit
added 2024/09/29 7:34 p.m., 553 views

Exploit for CVE-2024-9162

CVE-2024-9162 All-in-One WP Migration and Backup SELECT op...

7.2 CVSS, 6.4 AI score, 0.02668 EPSS
Exploits: 1
Cvelist
added 2024/09/27 1:52 p.m., 35 views

CVE-2024-7149 Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.8 - Authenticated (Contributor+) Local File Inclusion

The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.8 via multiple style parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, t...

8.8 CVSS, 0.00996 EPSS
Exploits: 0, References: 7
CVE
added 2024/09/27 1:52 p.m., 53 views

CVE-2024-7149

CVE-2024-7149 — The Event Manager/Events Calendar/Tickets/Registrations – Eventin WordPress plugin (

8.8 CVSS, 8.9 AI score, 0.00996 EPSS
Exploits: 0, References: 7, Affected Software: 1