CVE-2024-13409 | wpwax Post Grid Slider & Carousel Ultimate Plugin up to 1.6.10 on WordPress Shortcode post_type_ajax_handler theme path traversal

Inserito da Angelo Barbosa | Gen 24, 2025 | CVE

A vulnerability classified as critical was found in wpwax Post Grid Slider & Carousel Ultimate Plugin up to 1.6.10 on WordPress. Affected by this vulnerability is the function post_type_ajax_handler of the component Shortcode Handler. The manipulation of the argument theme leads to path traversal.

This vulnerability is known as CVE-2024-13409. The attack can be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-13409 | wpwax Post Grid Slider & Carousel Ultimate Plugin up to 1.6.10 on WordPress Shortcode post_type_ajax_handler theme path traversal

Post correlati

CVE-2024-41739 | IBM Cognos Dashboards on Cloud Pak for Data 4.0.7/5.0.0 uncontrolled search path

CVE-2024-0551 | mintplex-labs anything-llm up to 0.0.x Export access control

CVE-2024-46610 | Thecosy IceCMS up to 3.4.7 POST Request UserController.java ChangeUser username/password access control

CVE-2024-34000 | moodle Lesson Overview Report user ID cross site scripting