CVE-2024-11289 | pencidesign Soledad Plugin up to 8.5.9 on WordPress filename control

A vulnerability was found in pencidesign Soledad Plugin up to 8.5.9 on WordPress. It has been declared as problematic. This vulnerability affects the function penci_archive_more_post_ajax_func/penci_more_post_ajax_func/penci_more_featured_post_ajax_func. The manipulation leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability was named CVE-2024-11289. The attack can be initiated remotely. There is no exploit available.

CVE-2024-11289 | pencidesign Soledad Plugin up to 8.5.9 on WordPress filename control

Post correlati

CVE-2024-2349 | Fancy Elementor Flipbox Plugin up to 2.4.2 on WordPress Widget cross site scripting

CVE-2023-5405 | Honeywell Experion Server Message information disclosure

CVE-2024-50591 | Hasomed Elefant prior 1.4.2.1811 Update Service command injection

CVE-2023-42012 | IBM UrbanCode Deploy up to 7.2.3.7/7.3.2.2 denial of service (XFDB-265509)