Lucene search
K

3 matches found

BDU FSTEC
BDU FSTEC
added 2025/02/03 12:0 a.m.7 views

The vulnerability of the Post Grid, Slider & Carousel Ultimate plugin of the WordPress content management system arises from improper handling of file names for PHP functions like include or require. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the Post Grid, Slider & Carousel plugin in the WordPress content management system is related to improper handling of file names for PHP functions like include or require. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to...

6.8CVSS7.7AI score0.00451EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/01/24 11:7 a.m.12 views

CVE-2024-13409 Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion via post_type_ajax_handler()

The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' parameter of the posttypeajaxhandler function. This makes it possible for...

7.5CVSS0.00842EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/06/20 11:15 a.m.7 views

CVE-2022-1266

The Post Grid, Slider & Carousel Ultimate WordPress plugin before 1.5.0 does not sanitise and escape the Header Title, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.5AI score0.00565EPSS
Exploits2References2
Rows per page
Query Builder