CVE-2024-3812 | ThemeNectar Salient Core Plugin up to 2.0.7 on WordPress Shortcode nectar_icon filename control

Posted by Angelo Barbosa | May 18, 2024 | CVE

A vulnerability was found in ThemeNectar Salient Core Plugin up to 2.0.7 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function nectar_icon of the component Shortcode Handler. The manipulation leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is known as CVE-2024-3812. The attack can be launched remotely. There is no exploit available.

CVE-2024-3812 | ThemeNectar Salient Core Plugin up to 2.0.7 on WordPress Shortcode nectar_icon filename control

Related Posts

CVE-2024-43809 | JetBrains TeamCity up to 2024.07 agentPushPreset Page cross site scripting

CVE-2024-23621 | IBM Merge Healthcare eFilm Workstation up to 4.2 buffer overflow

CVE-2023-46929 | GPAC GPAC 2.3-DEV-rev605-gfc9e29089-master MP4Box av_parsers.c gf_avc_change_vui denial of service (Issue 2662)

CVE-2024-38395 | iTerm2 up to 3.5.1 Terminal May Report Window Title Setting Privilege Escalation