CVE-2024-11642

The Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.4.12 via the 'locatetemplate' function. This makes it...

CVE-2024-11642 Post Grid Master <= 3.4.12 - Missing Authorization to Unauthenticated Local PHP File Inclusion

The Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.4.12 via the 'locatetemplate' function. This makes it...

CVE-2024-11642

CVE-2024-11642 – The WordPress plugin “Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder” is affected by an unauthenticated Local File Inclusion via locate_template in all versions up to 3.4.12. The vulnerabil...

PT-2025-1677 · WordPress · Post Grid Master

Name of the Vulnerable Software and Affected Versions: The Post Grid Master plugin for WordPress versions up to, and including, 3.4.12 Description: The issue allows unauthenticated attackers to include and execute arbitrary files on the server, enabling the execution of any PHP code in those file...

CVE-2022-41573

CVE-2022-41573 affects Ovidentia 8.3. The file upload feature does not prevent executable files; a user can upload a PHP-embedded PNG and rename it to .php, making it accessible at an images/common/ URI and enabling remote code execution. The available sources describe the impact (remote code exe...

CVE-2024-12571 Store Locator <= 3.98.10 - Unauthenticated Local File Inclusion

The Store Locator for WordPress with Google Maps – LotsOfLocales plugin for WordPress is vulnerable to Local File Inclusion in version 3.98.9 via the 'slengine' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...

[SECURITY] [DSA 5830-1] smarty4 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5830-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 12, 2024 https://www.debian.org/security/faq -...

CVE-2024-12040

CVE-2024-12040 : The Product Carousel Slider & Grid Ultimate for WooCommerce (WordPress) is affected by an authenticated Local File Inclusion via the theme attribute in the wcpcsu shortcode, allowing a Contributor+ user to include and execute arbitrary PHP on the server. Impact includes potential...

CVE-2024-12040 Product Carousel Slider & Grid Ultimate for WooCommerce <= 1.9.10 - Authenticated (Contributor+) Local File Inclusion via 'theme'

The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.10 via the 'theme' attribute of the wcpcsu shortcode. This makes it possible for authenticated attackers, with Contributor-level access...

Debian dsa-5830 : smarty4 - security update

The remote Debian 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-5830 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5830-1 [email protected] https://www.debian.org/security/ Moritz...

WordPress Plugin WP Umbrella: Update Backup Restore & Monitoring Local File Containment Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A local file inclusion vulnerability exists in the WordPress plugin WP Umbrella: Update Backup Restore &...

Image Access Scan2Net 安全漏洞

Image Access Scan2Net is a scanning software from Image Access Germany. A security vulnerability exists in Image Access Scan2Net version 7.40 and earlier, version 7.42 and earlier, and version 7.42B and earlier, which originates from a code execution vulnerability that can be remotely exploited i...

Debian dsa-5826 : smarty3 - security update

The remote Debian 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5826 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5826-1 [email protected] https://www.debian.org/securit...

CVE-2024-12209

Summary (CVE-2024-12209): WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to 2.17.0 via the umbrella-restore action’s filename parameter. Unauthenticated attackers can include and execute arbitrary server files, enablin...

CVE-2024-11010

The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.1.4 via the 'defaultlang' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, ...

CVE-2024-11289 Soledad <= 8.5.9 - Unauthenticated Limited Local File Inclusion

The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.5.9 via several functions like penciarchivemorepostajaxfunc, pencimorepostajaxfunc, and pencimorefeaturedpostajaxfunc. This makes it possible for unauthenticated attackers to include and...

CVE-2024-11429 Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials <= 3.3.3 - Authenticated (Contributor+) Local File Inclusion

The Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'stars-testimonials-with-slider-and-masonry-grid' shortcode. This makes it possible for...

Exploit for CVE-2024-8672

CVE-2024-8672: Authenticated Contributor Remote Code Execution...

CVE-2024-9669

The File Manager Pro – Filester plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.8.5 via the 'fmlocale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute...

CVE-2024-10898

The Contact Form 7 Email Add on plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the cf7emailaddonaddadmintemplate function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...