CVE-2024-49649 | Abdul Hakeem Build App Online Plugin up to 1.0.23 on WordPress Include/Require filename control

Inserito da Angelo Barbosa | Gen 7, 2025 | CVE

A vulnerability has been found in Abdul Hakeem Build App Online Plugin up to 1.0.23 on WordPress and classified as very critical. Affected by this vulnerability is the function Include/Require. The manipulation leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is known as CVE-2024-49649. The attack can be launched remotely. There is no exploit available.

CVE-2024-49649 | Abdul Hakeem Build App Online Plugin up to 1.0.23 on WordPress Include/Require filename control

Post correlati

CVE-2023-49173 | 10to8 Sign In Scheduling Online Appointment Booking System Plugin cross site scripting

CVE-2024-44205 | Apple macOS log file

CVE-2024-21530 | cocoon up to 0.3.x Encryption nonce re-use (ID 22)

CVE-2023-49624 | Kashipara Group Billing Software 1.0 material_bill.php cancelid sql injection