Total
52 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10571 | 1 Ays-pro | 1 Chartify | 2024-11-14 | 9.8 Critical |
| The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
| CVE-2024-52381 | 2024-11-14 | 8.1 High | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Shoaib Rehmat ZIJ KART allows PHP Local File Inclusion.This issue affects ZIJ KART: from n/a through 1.1. | ||||
| CVE-2024-10871 | 1 Trustyplugins | 1 Category Ajax Filter | 2024-11-12 | 9.8 Critical |
| The Category Ajax Filter plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.8.2 via the 'params[caf-post-layout]' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where files with a .php extension can be uploaded and included. | ||||
| CVE-2024-50497 | 1 Buynowdepot | 1 Advanced Online Ordering And Delivery Platform | 2024-10-31 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BuyNowDepot Advanced Online Ordering and Delivery Platform allows PHP Local File Inclusion.This issue affects Advanced Online Ordering and Delivery Platform: from n/a through 2.0.0. | ||||
| CVE-2024-50434 | 1 Themehorse | 1 Newscard | 2024-10-29 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Theme Horse NewsCard.This issue affects NewsCard: from n/a through 1.3. | ||||
| CVE-2024-50435 | 1 Themehorse | 1 Meta News | 2024-10-29 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Theme Horse Meta News.This issue affects Meta News: from n/a through 1.1.7. | ||||
| CVE-2024-50436 | 1 Themehorse | 1 Clean Retina | 2024-10-29 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Theme Horse Clean Retina.This issue affects Clean Retina: from n/a through 3.0.6. | ||||
| CVE-2024-50457 | 1 Qodeinteractive | 1 Qode Essential Addons | 2024-10-29 | 7.5 High |
| : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.6.3. | ||||
| CVE-2024-10436 | 1 Wpclever | 1 Wpc Smart Messages For Woocommerce | 2024-10-29 | 8.8 High |
| The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.1 via the get_condition_value function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
| CVE-2024-8392 | 2024-10-28 | 7.2 High | ||
| The WordPress Post Grid Layouts with Pagination – Sogrid plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.2 via the 'tab' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. This can also be exploited via CSRF techniques. | ||||
| CVE-2024-49690 | 1 Qodeinteractive | 1 Qi Blocks | 2024-10-25 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Interactive Qi Blocks.This issue affects Qi Blocks: from n/a through 1.3.2. | ||||
| CVE-2024-49701 | 1 Themehorse | 1 Interface | 2024-10-25 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Theme Horse Mags.This issue affects Mags: from n/a through 1.1.6. | ||||
| CVE-2024-49243 | 2 Jon Vincent Mendoza, Jonvincentmendoza | 2 Dynamic Elementor Addons, Dynamic Elementor Addons | 2024-10-22 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Jon Vincent Mendoza Dynamic Elementor Addons allows PHP Local File Inclusion.This issue affects Dynamic Elementor Addons: from n/a through 1.0.0. | ||||
| CVE-2024-49317 | 1 Zipang | 1 Point Maker | 2024-10-18 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ZIPANG Point Maker allows PHP Local File Inclusion.This issue affects Point Maker: from n/a through 0.1.4. | ||||
| CVE-2024-9981 | 1 Formosasoft | 2 Ee-class, Ee Class | 2024-10-17 | 8.8 High |
| The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this vulnerability to include the file, resulting in arbitrary code execution on the server. | ||||
| CVE-2024-49251 | 1 Maantheme | 1 Maan Addons For Elementor | 2024-10-16 | 7.5 High |
| : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Maantheme Maan Addons For Elementor allows Local Code Inclusion.This issue affects Maan Addons For Elementor: from n/a through 1.0.1. | ||||
| CVE-2024-48029 | 1 Hung Trang Si | 1 Sb Random Posts Widget | 2024-10-16 | 7.5 High |
| : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hung Trang Si SB Random Posts Widget allows PHP Local File Inclusion.This issue affects SB Random Posts Widget: from n/a through 1.0. | ||||
| CVE-2023-4195 | 2 Agentejo, Cockpit-hq | 2 Cockpit, Cockpit | 2024-10-09 | 8.8 High |
| PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3. | ||||
| CVE-2024-41925 | 1 Optigo | 1 Ons-s8 Firmware | 2024-10-04 | 9.8 Critical |
| The web service for ONS-S8 - Spectra Aggregation Switch includes functions which do not properly validate user input, allowing an attacker to traverse directories, bypass authentication, and execute remote code. | ||||
| CVE-2023-23565 | 1 Geomatika | 1 Isigeo Web | 2024-10-02 | 4.9 Medium |
| An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to retrieve PHP files from the server via Local File Inclusion. | ||||