CVE-2024-3806 | Porto Plugin up to 7.1.0 on WordPress porto_ajax_posts file inclusion

Posted by Angelo Barbosa | May 8, 2024 | CVE

A vulnerability was found in Porto Plugin up to 7.1.0 on WordPress. It has been classified as critical. Affected is the function porto_ajax_posts. The manipulation leads to file inclusion.

This vulnerability is traded as CVE-2024-3806. The attack can only be done within the local network. There is no exploit available.

CVE-2024-3806 | Porto Plugin up to 7.1.0 on WordPress porto_ajax_posts file inclusion

Related Posts

CVE-2024-6444 | zephyrproject-rtos Zephyr up to 3.6 ots_client.c olcp_ind_handler heap-based overflow

CVE-2024-45293 | PHPOffice PhpSpreadsheet up to 1.29.0/2.1.0 Excel Parser XmlScanner.php toUtf8 xml external entity reference (GHSA-6hwr-6v2f-3m88)

CVE-2024-37135 | Dell Data Manager Appliance Software up to 5.16.0.0 credentials storage (dsa-2024-290)

CVE-2022-48940 | Linux Kernel up to 5.15.25/5.16.11 bpf copy_map_value stack-based overflow (719d1c2524c8/eca9bd215d22/a8abb0c3dc1e)