CVE-2024-12811 | ShineTheme Travel Booking WordPress Theme up to 3.1.8 on WordPress Shortcode hotel_alone_slider style filename control

A vulnerability was found in ShineTheme Travel Booking WordPress Theme up to 3.1.8 on WordPress. It has been classified as critical. This affects the function hotel_alone_slider of the component Shortcode Handler. The manipulation of the argument style leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is uniquely identified as CVE-2024-12811. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-12811 | ShineTheme Travel Booking WordPress Theme up to 3.1.8 on WordPress Shortcode hotel_alone_slider style filename control

Related Posts

CVE-2023-6502 | GitLab Community Edition/Enterprise Edition up to 16.10.5/16.11.2/17.0.0 Wiki resource consumption (Issue 433534)

CVE-2024-47048 | Rocket.Chat up to 6.12.0 Release Note cross site scripting

CVE-2024-7077 | Semtek Sempos up to 31072024 cross site scripting

CVE-2024-38486 | Dell SmartFabric OS10 Software up to 10.5.5.10/10.5.6.x command injection (dsa-2024-376)