CVE-2024-11289 | pencidesign Soledad Plugin up to 8.5.9 on WordPress filename control

A vulnerability was found in pencidesign Soledad Plugin up to 8.5.9 on WordPress. It has been declared as problematic. This vulnerability affects the function penci_archive_more_post_ajax_func/penci_more_post_ajax_func/penci_more_featured_post_ajax_func. The manipulation leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability was named CVE-2024-11289. The attack can be initiated remotely. There is no exploit available.

CVE-2024-11289 | pencidesign Soledad Plugin up to 8.5.9 on WordPress filename control

Post correlati

CVE-2024-34809 | Extend Themes EmpowerWP Plugin up to 1.0.21 on WordPress cross-site request forgery

CVE-2024-51578 | Luca Paggetti 3D Presentation Plugin up to 1.0 on WordPress cross site scripting

CVE-2023-6417 | Voovi Social Networking Script 1.0 update.php id sql injection

CVE-2024-7687 | AZIndex Plugin up to 0.8.1 on WordPress cross-site request forgery