CVE-2024-3810 | ThemeNectar Salient Shortcodes Plugin up to 1.5.3 on WordPress filename control

Posted by Angelo Barbosa | May 18, 2024 | CVE

A vulnerability was found in ThemeNectar Salient Shortcodes Plugin up to 1.5.3 on WordPress. It has been classified as critical. Affected is an unknown function. The manipulation leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is traded as CVE-2024-3810. It is possible to launch the attack remotely. There is no exploit available.

CVE-2024-3810 | ThemeNectar Salient Shortcodes Plugin up to 1.5.3 on WordPress filename control

Related Posts

CVE-2023-7191 | S-CMS up to 2.0_build20220529-20231006 member/reg.php M_login/M_email sql injection

CVE-2024-24812 | Frappe up to 14.58.x/15.4.x Portal Page cross site scripting (GHSA-7p3m-h76m-hg9v)

CVE-2024-26318 | Serenity up to 6.7.x Email Link LoginPage.tsx cross site scripting

CVE-2024-37905 | goauthentik prior 2024.2.4/2024.4.2/2024.6.0 API-Access-Token access control (GHSA-c78c-2r9w-p7x4)