CVE-2024-13408 | wpwax Post Grid, Slider & Carousel Ultimate Plugin up to 1.6.10 on WordPress Shortcode pgcu filename control

A vulnerability, which was classified as problematic, has been found in wpwax Post Grid, Slider & Carousel Ultimate Plugin up to 1.6.10 on WordPress. Affected by this issue is the function pgcu of the component Shortcode Handler. The manipulation leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is handled as CVE-2024-13408. Attacking locally is a requirement. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-13408 | wpwax Post Grid, Slider & Carousel Ultimate Plugin up to 1.6.10 on WordPress Shortcode pgcu filename control

Related Posts

CVE-2024-1168 | SEOPress Plugin up to 7.9 on WordPress Social Image URL cross site scripting

CVE-2024-2741 | Planet IGS-4215-16T2S 1.305b210528 Switch Web Interface cross-site request forgery

CVE-2024-51839 | Meini Utech Spinning Earth Plugin up to 1.2 on WordPress cross site scripting

CVE-2024-34766 | Automattic ChaosTheory Plugin up to 1.3 on WordPress cross site scripting