The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required allow_url_include to be enabled on the target site in order to exploit.
Metrics
Affected Vendors & Products
References
History
Tue, 06 Aug 2024 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Canto
Canto canto |
|
Weaknesses | NVD-CWE-Other | |
CPEs | cpe:2.3:a:canto:canto:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Canto
Canto canto |
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-06-14T04:36:55.457Z
Updated: 2024-08-01T20:55:10.310Z
Reserved: 2024-05-15T13:03:29.719Z
Link: CVE-2024-4936
Vulnrichment
Updated: 2024-08-01T20:55:10.310Z
NVD
Status : Modified
Published: 2024-06-14T05:15:49.400
Modified: 2024-11-21T09:43:54.530
Link: CVE-2024-4936
Redhat
No data.