CVE-2024-3806 | Porto Plugin up to 7.1.0 on WordPress porto_ajax_posts file inclusion

Posted by Angelo Barbosa | May 8, 2024 | CVE

A vulnerability was found in Porto Plugin up to 7.1.0 on WordPress. It has been classified as critical. Affected is the function porto_ajax_posts. The manipulation leads to file inclusion.

This vulnerability is traded as CVE-2024-3806. The attack can only be done within the local network. There is no exploit available.

CVE-2024-3806 | Porto Plugin up to 7.1.0 on WordPress porto_ajax_posts file inclusion

Related Posts

CVE-2024-41022 | Linux Kernel up to 6.10.1 AMD GPU sdma_v4_0_process_trap_irq instance Privilege Escalation

CVE-2024-9270 | Lenxel Core for Lenxel LMS Plugin up to 1.1 on WordPress SVG File Upload cross site scripting

CVE-2023-47209 | TP-Link ER7206 Omada Gigabit VPN Router 1.3.0 Build 20230322 Rel.70591 IPsec Policy os command injection (TALOS-2023-1854)

CVE-2024-28824 | Checkmk up to 2.0.0p39/2.1.0p40/2.2.0p23/2.3.0b3 Agent Plugin least privilege violation