CVE-2024-13409 | wpwax Post Grid Slider & Carousel Ultimate Plugin up to 1.6.10 on WordPress Shortcode post_type_ajax_handler theme path traversal

Inserito da Angelo Barbosa | Gen 24, 2025 | CVE

A vulnerability classified as critical was found in wpwax Post Grid Slider & Carousel Ultimate Plugin up to 1.6.10 on WordPress. Affected by this vulnerability is the function post_type_ajax_handler of the component Shortcode Handler. The manipulation of the argument theme leads to path traversal.

This vulnerability is known as CVE-2024-13409. The attack can be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-13409 | wpwax Post Grid Slider & Carousel Ultimate Plugin up to 1.6.10 on WordPress Shortcode post_type_ajax_handler theme path traversal

Post correlati

CVE-2024-49313 | RudeStan VKontakte Wall Post Plugin up to 2.0 on WordPress cross-site request forgery

CVE-2024-0506 | Elementor Website Builder Plugin up to 3.18.3 on WordPress get_image_alt cross site scripting

CVE-2024-22199 | gofiber template prior 3.1.9 cross site scripting

CVE-2024-31199 | Plug&Track Sensor Net Connect V2 2.24 cross site scripting