ArForms < 6.6 - Unauthenticated RCE

Description The plugin allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form PoC 1. Create a form with an upload input 2. As an unauthenticated user, upload an image file and intercept the request. 3...

CVE-2024-4670 All-in-One Video Gallery <= 3.6.5 - Authenticated (Contributor+) Local File Inclusion via aiovg_search_form Shortcode

The All-in-One Video Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.5 via the aiovgsearchform shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary file...

CVE-2024-3806

The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the 'portoajaxposts' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in...

CVE-2024-3808

The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the 'portoportfolios' shortcode 'portfoliolayout' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions,...

CVE-2024-25641

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web...

CVE-2024-25641

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web...

CVE-2024-3809

The Porto Theme – Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.9 via the ‘slideshowtype’ post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...

Cacti 安全漏洞

Cacti is a suite of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. A security vulnerability exists in Cacti versions prior to 1.2.27, which...

CVE-2024-25641 Cacti RCE vulnerability when importing packages

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web...

CVE-2024-25641

CVE-2024-25641 affects Cacti prior to 1.2.27. An arbitrary file write vulnerability in the import_package() path allows authenticated users with the Import Templates permission to write/overwrite files via the Package Import XML data, due to the function blindly trusting filenames and content and...

CVE-2024-25641

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web...

CVE-2024-3808 Porto Theme - Functionality <= 3.1.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode

The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the 'portoportfolios' shortcode 'portfoliolayout' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions,...

CVE-2024-3808

CVE-2024-3808 pertains to the Porto Theme – Functionality plugin for WordPress. The vulnerability enables authenticated attackers with contributor-level privileges or higher to perform a Local File Inclusion via the porto_portfolios shortcode and its portfolio_layout attribute, enabling arbitrary...

CVE-2024-3806 Porto <= 7.1.0 - Unauthenticated Local File Inclusion via porto_ajax_posts

The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the 'portoajaxposts' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in...

CVE-2024-3806 Porto <= 7.1.0 - Unauthenticated Local File Inclusion via porto_ajax_posts

The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the 'portoajaxposts' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in...

CVE-2024-4441

CVE-2024-4441 affects the WordPress plugin XML Sitemap & Google News. The vulnerability is Local File Inclusion via the feed parameter in all versions up to 5.4.8, allowing unauthenticated attackers to include and execute arbitrary server-side files (PHP) and potentially bypass access controls or...

CVE-2024-4441 XML Sitemap & Google News <= 5.4.8 - Unauthenticated Local File Inclusion

The XML Sitemap & Google News plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.8 via the 'feed' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any P...

CVE-2024-3807 Porto <= 7.1.0 - Authenticated (Contributor+) Local File Inclusion via Post Meta

The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via 'portopageheadershortcodetype', 'slideshowtype' and 'postlayout' post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to...

XML Sitemap & Google News < 5.4.9 - Unauthenticated Local File Inclusion

Description The XML Sitemap & Google News plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.8 via the 'feed' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...

CVE-2024-3500

The ElementsKit Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.0 via the Price Menu, Hotspot, and Advanced Toggle widgets. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute...