CVE-2024-12859 | PX-lab BoomBox Theme Extensions up to 1.8.0 on WordPress Shortcode boombox_listing type filename control

Inserito da Angelo Barbosa | Feb 3, 2025 | CVE

A vulnerability classified as problematic was found in PX-lab BoomBox Theme Extensions up to 1.8.0 on WordPress. This vulnerability affects the function boombox_listing of the component Shortcode Handler. The manipulation of the argument type leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability was named CVE-2024-12859. Attacking locally is a requirement. There is no exploit available.

CVE-2024-12859 | PX-lab BoomBox Theme Extensions up to 1.8.0 on WordPress Shortcode boombox_listing type filename control

Post correlati

CVE-2024-49619 | Acespritech Solutions Social Link Groups Plugin up to 1.1.0 on WordPress sql injection

CVE-2024-8788 | EU UK VAT Manager for WooCommerce Plugin up to 2.12.12 on WordPress cross site scripting

CVE-2024-34116 | Adobe Creative Cloud Desktop up to 6.1.0.587 uncontrolled search path (apsb24-44)

CVE-2024-21153 | Oracle Process Manufacturing Product Development 12.2.13 Quality Management Specs improper authorization