The Filter & Grids WordPress plugin before 2.8.33 is vulnerable to Local File Inclusion via the post_layout parameter. This makes it possible for an unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/40bd880e-67a1-4180-b197-8dcadaa0ace4/ | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/40bd880e-67a1-4180-b197-8dcadaa0ace4/ | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 09:49
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/40bd880e-67a1-4180-b197-8dcadaa0ace4/ - Exploit, Third Party Advisory |
22 Aug 2024, 16:35
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/40bd880e-67a1-4180-b197-8dcadaa0ace4/ - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:ymc-22:filter_\&_grids:*:*:*:*:*:wordpress:*:* | |
First Time |
Ymc-22 filter \& Grids
Ymc-22 |
|
CWE | CWE-22 |
01 Aug 2024, 14:00
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
Summary |
|
18 Jul 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-18 06:15
Updated : 2024-11-21 09:49
NVD link : CVE-2024-6164
Mitre link : CVE-2024-6164
CVE.ORG link : CVE-2024-6164
JSON object : View
Products Affected
ymc-22
- filter_\&_grids
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')