The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required allow_url_include to be enabled on the target site in order to exploit.
History

Tue, 06 Aug 2024 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Canto
Canto canto
Weaknesses NVD-CWE-Other
CPEs cpe:2.3:a:canto:canto:*:*:*:*:*:wordpress:*:*
Vendors & Products Canto
Canto canto

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-06-14T04:36:55.457Z

Updated: 2024-08-01T20:55:10.310Z

Reserved: 2024-05-15T13:03:29.719Z

Link: CVE-2024-4936

cve-icon Vulnrichment

Updated: 2024-08-01T20:55:10.310Z

cve-icon NVD

Status : Modified

Published: 2024-06-14T05:15:49.400

Modified: 2024-11-21T09:43:54.530

Link: CVE-2024-4936

cve-icon Redhat

No data.