Total
225 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-56281 | 2025-01-07 | 7.5 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CodeMShop 워드프레스 결제 심플페이 allows PHP Local File Inclusion.This issue affects 워드프레스 결제 심플페이: from n/a through 5.2.0. | ||||
| CVE-2024-56230 | 2025-01-02 | 7.5 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dynamic Web Lab Dynamic Product Category Grid, Slider for WooCommerce allows PHP Local File Inclusion.This issue affects Dynamic Product Category Grid, Slider for WooCommerce: from n/a through 1.1.3. | ||||
| CVE-2024-12272 | 2024-12-27 | 8.8 High | ||
| The WP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.7 via several widgets. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
| CVE-2024-12571 | 2024-12-20 | 9.8 Critical | ||
| The Store Locator for WordPress with Google Maps – LotsOfLocales plugin for WordPress is vulnerable to Local File Inclusion in version 3.98.9 via the 'sl_engine' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
| CVE-2024-54270 | 2024-12-18 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axeptio Axeptio allows PHP Local File Inclusion.This issue affects Axeptio: from n/a through 2.5.3. | ||||
| CVE-2024-54376 | 2024-12-16 | 7.5 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Spider-themes EazyDocs.This issue affects EazyDocs: from n/a through 2.5.5. | ||||
| CVE-2024-12040 | 2024-12-12 | 8.8 High | ||
| The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.10 via the 'theme' attribute of the `wcpcsu` shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
| CVE-2024-54225 | 1 Codegearthemes | 1 Designer | 2024-12-09 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CodegearThemes Designer allows PHP Local File Inclusion.This issue affects Designer: from n/a through 1.3.3. | ||||
| CVE-2024-12209 | 1 Wphealth | 1 Wp Umbrella Update Backup Restore And Monitoring | 2024-12-09 | 9.8 Critical |
| The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'filename' parameter of the 'umbrella-restore' action. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
| CVE-2024-52385 | 2024-12-09 | 4.3 Medium | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Sk. Abul Hasan Team Member.This issue affects Team Member: from n/a through 7.3. | ||||
| CVE-2024-11289 | 1 Pencidesign | 1 Soledad | 2024-12-06 | 8.1 High |
| The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.5.9 via several functions like penci_archive_more_post_ajax_func, penci_more_post_ajax_func, and penci_more_featured_post_ajax_func. This makes it possible for unauthenticated attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. The exploitability of this is limited to Windows. | ||||
| CVE-2024-53824 | 1 Areoi | 1 All Bootstrap Blocks | 2024-12-06 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AREOI All Bootstrap Blocks allows PHP Local File Inclusion.This issue affects All Bootstrap Blocks: from n/a through 1.3.19. | ||||
| CVE-2024-51541 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2024-12-05 | 8.2 High |
| Local File Inclusion vulnerabilities allow access to sensitive system information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | ||||
| CVE-2024-11429 | 1 Premio | 1 Testimonials | 2024-12-05 | 8.8 High |
| The Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'stars-testimonials-with-slider-and-masonry-grid' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. | ||||
| CVE-2024-52501 | 1 Webbytemplate | 1 Office Locator | 2024-11-29 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in webbytemplate Office Locator.This issue affects Office Locator: from n/a through 1.3.0. | ||||
| CVE-2024-52499 | 1 Kardi | 1 Pricing Table Addon For Elementor | 2024-11-29 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Kardi Pricing table addon for elementor allows PHP Local File Inclusion.This issue affects Pricing table addon for elementor: from n/a through 1.0.0. | ||||
| CVE-2024-52497 | 1 Quomodosoft | 1 Shopready | 2024-11-29 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in quomodosoft Shopready allows PHP Local File Inclusion.This issue affects Shopready: from n/a through 3.5. | ||||
| CVE-2024-52496 | 1 Abosoluteplugins | 1 Absolute Addons For Elementor | 2024-11-29 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AbsolutePlugins Absolute Addons For Elementor allows Local Code Inclusion.This issue affects Absolute Addons For Elementor: from n/a through 1.0.14. | ||||
| CVE-2024-10898 | 1 Krishaweb | 1 Contact Form 7 Email Add On | 2024-11-26 | 8.8 High |
| The Contact Form 7 Email Add on plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the cf7_email_add_on_add_admin_template() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php files can be uploaded and included. | ||||
| CVE-2024-10873 | 1 Lastudio | 1 La-studio Element Kit For Elementor | 2024-11-26 | 8.8 High |
| The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.2 via the _load_template function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||