7212 matches found
CVE-2024-3500 ElementsKit Pro <= 3.6.0 - Authenticated (Contributor+) Local File Inclusion via Price Menu, Hotspot, and Advanced Toggle Widgets
The ElementsKit Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.0 via the Price Menu, Hotspot, and Advanced Toggle widgets. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute...
CVE-2024-3499
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the generate_navigation_markup function of the Onepage Scroll module. This makes it possible for authenticated attackers, with contributor-level access and...
CVE-2024-3499
The CVE-2024-3499 entry concerns ElementsKit Elementor addons and Templates Library for WordPress. Impact arises from a Local File Inclusion in the Onepage Scroll module’s generate_navigation_markup function, enabling an authenticated attacker with contributor+ privileges to include and execute a...
PT-2024-26279 · WordPress · Elementskit Elementor Addons
Name of the Vulnerable Software and Affected Versions: ElementsKit Elementor addons plugin for WordPress versions prior to 3.1.1 Description: The issue allows authenticated attackers with contributor-level access and above to include and execute arbitrary files on the server via the generate...
XStore < 9.3.9 - Unauthenticated Local File Inclusion
Description The theme is vulnerable to Local File Inclusion, allowing unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution...
XforWooCommerce <= 2.0.2 - Authenticated (Subscriber+) Local File Inclusion
Description The XforWooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to include and execute arbitrary files on the server, allowing the...
CVE-2023-46304
modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote authenticated attacker to run arbitrary PHP code because an unprotected endpoint allows them to write this code to the config.inc.php file executed on every page load...
PT-2024-13351 · Vtiger · Vtiger Crm
Name of the Vulnerable Software and Affected Versions: Vtiger CRM version 7.5.0 Description: The issue allows a remote authenticated attacker to run arbitrary PHP code because an unprotected endpoint allows them to write this code to the config.inc.php file, which is executed on every page load...
Click to Chat – HoliThemes < 4.0 - Contributor+ LFI
Description The plugin is vulnerable to Local File Inclusion, allowing authenticated attackers, with contributor access or above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensiti...
CVE-2024-3136
The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP cod...
CVE-2024-3136 MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via template
The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP cod...
Daily Expense Manager 1.0 - 'term' SQLi
Exploit Title: Daily Expense Manager 1.0 - 'term' SQLi Date: February 25th, 2024 Exploit Author: Stefan Hesselman Vendor Homepage: https://code-projects.org/daily-expense-manager-in-php-with-source-code/ Software Link:...
Invision Community 4.7.16 Remote Code Execution
Invision Community = 4.7.16 toolbar.php Remote Code Execution Vulnerability - Software Link: https://invisioncommunity.com - Affected...
Daily Expense Manager 1.0 SQL Injection
Exploit Title: Daily Expense Manager 1.0 - 'term' SQLi Date: February 25th, 2024 Exploit Author: Stefan Hesselman Vendor Homepage: https://code-projects.org/daily-expense-manager-in-php-with-source-code/ Software Link:...
Daily Expense Manager 1.0 - (term) SQL injection Vulnerability
Exploit Title: Daily Expense Manager 1.0 - 'term' SQLi Exploit Author: Stefan Hesselman Vendor Homepage: https://code-projects.org/daily-expense-manager-in-php-with-source-code/ Software Link: https://download-media.code-projects.org/2020/01/DAILYEXPENSEMANAGERINPHPWITHSOURCECODE.zip Version: 1.0...
MasterStudy LMS < 3.3.4 - Unauthenticated Local File Inclusion via template
Description The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of...
FoF Pretty Mail 1.1.2 Command Injection Vulnerability
Exploit Title: FoF Pretty Mail 1.1.2 Extension for Flarum Command Injection Exploit Author: Chokri Hammedi Vendor Homepage: https://flarum.org/ Software Link: https://github.com/FriendsOfFlarum/pretty-mail Version: 1.1.2 Tested on: Windows XP CVE: N/A Description: The FoF Pretty Mail extension fo...
ElementsKit Elementor addons < 3.0.7 - Contributor+ Local File Inclusion
Description The plugin is vulnerable to Local File Inclusion via the render_raw function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This c...
CVE-2024-2047 ElementsKit Elementor addons <= 3.0.6 - Authenticated (Contributor+) Local File Inclusion in render_raw
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.6 via the render_raw function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files o...
CVE-2024-2047
The CVE-2024-2047 entry affects ElementsKit Elementor addons and Templates Library (ElementsKit Lite) for WordPress. The root cause is Local File Inclusion via render_raw in all versions up to 3.0.6. This allows an authenticated attacker with contributor+ privileges to include and execute arbitra...