7195 matches found

NVD
added 2024/05/22 8:15 a.m. · 17 views

CVE-2024-5147

The WPZOOM Addons for Elementor Templates, Widgets plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.37 via the 'gridstyle' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server,...

9.8 CVSS · 9.9 AI score · 0.00764 EPSS
Exploits: 0 · References: 4

Vulnrichment
added 2024/05/22 7:37 a.m. · 18 views

CVE-2024-5147 WPZOOM Addons for Elementor (Templates, Widgets) <= 1.1.37 - Unauthenticated Local File Inclusion

The WPZOOM Addons for Elementor Templates, Widgets plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.37 via the 'gridstyle' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server,...

9.8 CVSS · 7.9 AI score · 0.00764 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2024/05/22 12:00 a.m. · 2 views

PT-2024-34642 · Wpzoom · Wpzoom Addons For Elementor

Name of the Vulnerable Software and Affected Versions: WPZOOM Addons for Elementor Templates, Widgets plugin for WordPress versions up to, and including, 1.1.37
Description: The issue allows unauthenticated attackers to include and execute arbitrary files on the server via the grid style paramete...

9.8 CVSS · 8.2 AI score · 0.00764 EPSS
Exploits: 0 · References: 11

NVD
added 2024/05/18 6:15 a.m. · 16 views

CVE-2024-3812

The Salient Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.7 via the 'nectaricon' shortcode 'iconlinea' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...

7.5 CVSS · 7.8 AI score · 0.0034 EPSS
Exploits: 0 · References: 2

NVD
added 2024/05/18 6:15 a.m. · 9 views

CVE-2024-3810

The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.3 via the 'icon' shortcode 'image' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...

8.8 CVSS · 8.9 AI score · 0.00451 EPSS
Exploits: 0 · References: 2

Cvelist
added 2024/05/18 5:40 a.m. · 20 views

CVE-2024-3810 Salient Shortcodes <= 1.5.3 - Authenticated (Contributor+) Local File Inclusion via Shortcode

The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.3 via the 'icon' shortcode 'image' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...

8.8 CVSS · 8.9 AI score · 0.00451 EPSS
Exploits: 0 · References: 2

CVE
added 2024/05/18 5:40 a.m. · 52 views

CVE-2024-3810

CVE-2024-3810 : The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 1.5.3 via the icon/image attribute used in shortcodes. Authenticated attackers with contributor-level permissions or higher can include and execute arbitrary PHP f...

8.8 CVSS · 7.5 AI score · 0.00451 EPSS
Exploits: 0 · References: 2

Vulnrichment
added 2024/05/17 6:30 a.m. · 12 views

CVE-2023-23645 WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 - Subscriber+ Arbitrary PHP Code Injection/Execution Vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in MainWP MainWP Code Snippets Extension allows Code Injection. This issue affects MainWP Code Snippets Extension: from n/a through 4.0.2...

9.9 CVSS · 7.1 AI score · 0.00771 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2024/05/17 2:03 a.m. · 12 views

CVE-2024-3551 Penci Soledad Data Migrator <= 1.3.0 - Unauthenticated Local File Inclusion

The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.0 via the 'data' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any...

9.8 CVSS · 7.9 AI score · 0.01143 EPSS
Exploits: 0 · References: 2

WPVulnDB
added 2024/05/17 12:00 a.m. · 14 views

ArForms < 6.6 - Unauthenticated RCE

Description: The plugin allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form.
PoC: 1. Create a form with an upload input 2. As an unauthenticated user, upload an image file and intercept the request. 3...

9.5 AI score · 0.72422 EPSS
Exploits: 2 · Affected Software: 1

Cvelist
added 2024/05/15 12:46 p.m. · 10 views

CVE-2024-4670 All-in-One Video Gallery <= 3.6.5 - Authenticated (Contributor+) Local File Inclusion via aiovg_search_form Shortcode

The All-in-One Video Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.5 via the aiovg_search_form shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary file...

8.8 CVSS · 9.4 AI score · 0.01182 EPSS
Exploits: 0 · References: 2

NVD
added 2024/05/14 3:42 p.m. · 14 views

CVE-2024-3806

The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the 'portoajaxposts' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in...

9.8 CVSS · 9.9 AI score · 0.64983 EPSS
Exploits: 0 · References: 2

NVD
added 2024/05/14 3:42 p.m. · 11 views

CVE-2024-3808

The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the 'portoportfolios' shortcode 'portfoliolayout' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions,...

8.8 CVSS · 8.9 AI score · 0.00398 EPSS
Exploits: 0 · References: 2

NVD
added 2024/05/14 3:05 p.m. · 34 views

CVE-2024-25641

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web...

9.1 CVSS · 9.4 AI score · 0.8819 EPSS
Exploits: 17 · References: 5

UbuntuCve
added 2024/05/14 3:05 p.m. · 41 views

CVE-2024-25641

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web...

9.1 CVSS · 7.8 AI score · 0.8819 EPSS
Exploits: 17 · References: 4

CNNVD
added 2024/05/14 12:00 a.m. · 2 views

Cacti Security Vulnerability

Cacti is a suite of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. A security vulnerability exists in Cacti versions prior to 1.2.27, which...

9.1 CVSS · 9.4 AI score · 0.8819 EPSS
Exploits: 17 · References: 6

ATTACKERKB
added 2024/05/14 12:00 a.m. · 33 views

CVE-2024-3809

The Porto Theme – Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.9 via the ‘slideshowtype’ post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...

8.8 CVSS · 7.6 AI score · 0.00321 EPSS
In wild · Exploits: 0 · References: 3

Debian CVE
added 2024/05/13 1:28 p.m. · 21 views

CVE-2024-25641

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web...

9.1 CVSS · 9.5 AI score · 0.8819 EPSS
Exploits: 17

CVE
added 2024/05/13 1:28 p.m. · 196 views

CVE-2024-25641

CVE-2024-25641 affects Cacti prior to 1.2.27. An arbitrary file write vulnerability in the import_package() path allows authenticated users with the Import Templates permission to write/overwrite files via the Package Import XML data, due to the function blindly trusting filenames and content and...

9.1 CVSS · 9.3 AI score · 0.8819 EPSS
Exploits: 17 · References: 5 · Affected Software: 1

Vulnrichment
added 2024/05/13 1:28 p.m. · 109 views

CVE-2024-25641 Cacti RCE vulnerability when importing packages

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web...

9.1 CVSS · 7.5 AI score · 0.8819 EPSS
Exploits: 17 · References: 4