CVE-2024-11289
The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.5.9 via several functions like penci_archive_more_post_ajax_func, penci_more_post_ajax_func, and penci_more_featured_post_ajax_func. This makes it possible for unauthenticated attackers to include and...
CVE-2024-11289 (Soledad theme, WordPress) is an unauthenticated Local File Inclusion vulnerability affecting all versions up to 8.5.9, exploitable via functions penci_archive_more_post_ajax_func, penci_more_post_ajax_func, and penci_more_featured_post_ajax_func. The issue permits local PHP file i...
CVE-2024-10873
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.2 via the loadtemplate function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitra...
CVE-2024-10898
The Contact Form 7 Email Add on plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the cf7emailaddonaddadmintemplate function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...
PT-2024-16281 · WordPress · Wpc Smart Messages
Name of the Vulnerable Software and Affected Versions: WPC Smart Messages for WooCommerce plugin for WordPress versions up to, and including, 4.2.1 Description: The issue allows authenticated attackers with Subscriber-level access and above to include and execute arbitrary files on the server via...
PT-2024-38986 · WordPress · Wordpress Post Grid Layouts With Pagination – Sogrid
Name of the Vulnerable Software and Affected Versions: WordPress Post Grid Layouts with Pagination – Sogrid plugin versions up to, and including, 1.5.2 Description: The issue allows authenticated attackers with Administrator-level access and above to include and execute arbitrary files on the...
PT-2024-39184 · WordPress · Advanced File Manager
Name of the Vulnerable Software and Affected Versions: Advanced File Manager plugin for WordPress versions up to, and including, 5.2.8 Description: The Advanced File Manager plugin for WordPress is vulnerable to Local JavaScript File Inclusion via the fma locale parameter. This allows authenticat...
PT-2024-38890
Name of the Vulnerable Software and Affected Versions: Clean Login plugin for WordPress versions up to, and including, 1.14.5 Description: The Clean Login plugin for WordPress is vulnerable to Local File Inclusion via the template attribute of the clean-login-register shortcode. This allows...
CVE-2024-7145
The JetElements plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.20 via the 'progresstype' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the...
PT-2024-37643 · WordPress · The News Element Elementor Blog Magazine Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: The News Element Elementor Blog Magazine WordPress plugin versions prior to 1.0.6 Description: The issue allows an unauthenticated attacker to include and execute PHP files on the server via the template parameter, enabling the execution of a...
Opigno module - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-028
The Opigno module is part of the Opigno LMS distribution. It implements the module entity, which is a sub-part of a training. In the opigno_module module, uploaded files were not sufficiently validated to prevent arbitrary file uploads, which could lead to Remote Code Execution (RCE) and/or Cross Site...
PT-2024-37424 · WordPress · Filter & Grids
Name of the Vulnerable Software and Affected Versions: The Filter & Grids WordPress plugin versions prior to 2.8.33 Description: The issue allows an unauthenticated attacker to include and execute PHP files on the server via the post layout parameter, enabling the execution of any PHP code in tho...
CVE-2024-5455
The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.5.4 via the 'magazinestyle' parameter within the Dynamic Smart Showcase widget. This makes it possible for authenticated attackers, with Contributor-level...
PT-2024-26570 · WordPress · Custom Field Suite
Name of the Vulnerable Software and Affected Versions: Custom Field Suite plugin for WordPress versions up to, and including, 2.6.7 Description: The issue is related to insufficient sanitization of input prior to being used in a call to the eval function, which makes it possible for authenticated...
PT-2024-36462 · WordPress · Wp Blog Post Layouts
Name of the Vulnerable Software and Affected Versions: WP Blog Post Layouts plugin for WordPress versions up to, and including, 1.1.3 Description: The WP Blog Post Layouts plugin for WordPress is vulnerable to Local File Inclusion. This makes it possible for authenticated attackers, with...
CVE-2024-5577
The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version = 1.1.1 via the WIWHEADER parameter of the /system/include/includeuser.php file. This makes it possible for unauthenticated attackers to include and execute arbitrary files hosted on external...
CVE-2024-3564
The Content Blocks Custom Post Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the plugin's 'contentblock' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execu...
PT-2024-40256 · Packagist · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: A weakness in the .htaccess rules allows PHP scripts in the assets directory to be executed through a specially crafted URL. However, protections are in place to prevent the upload ...
GHSA-J66P-FVP2-FXHJ Drupal core Arbitrary PHP code execution
The Drupal project uses the PEAR Archive_Tar library. The PEAR Archive_Tar library has released a security update that impacts Drupal. For more information please see: CVE-2020-28948, CVE-2020-28949. Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz...
PT-2024-40410 · Apache +1 · Apache +1
Name of the Vulnerable Software and Affected Versions: eZ Platform and Legacy (affected versions not specified) Description: The issue is related to how uploaded PHP and PHAR files are handled. It consists of two parts: web server configuration and disabling the PHAR stream wrapper. The sample web...