CVE-2024-6164

The Filter & Grids WordPress plugin before 2.8.33 is vulnerable to Local File Inclusion via the post_layout parameter. This makes it possible for an unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.
Configurations

Configuration 1 (hide)

cpe:2.3:a:ymc-22:filter_\&_grids:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 09:49

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/40bd880e-67a1-4180-b197-8dcadaa0ace4/ - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/40bd880e-67a1-4180-b197-8dcadaa0ace4/ - Exploit, Third Party Advisory

22 Aug 2024, 16:35

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/40bd880e-67a1-4180-b197-8dcadaa0ace4/ - () https://wpscan.com/vulnerability/40bd880e-67a1-4180-b197-8dcadaa0ace4/ - Exploit, Third Party Advisory
CPE cpe:2.3:a:ymc-22:filter_\&_grids:*:*:*:*:*:wordpress:*:*
First Time Ymc-22 filter \& Grids
Ymc-22
CWE CWE-22

01 Aug 2024, 14:00

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
Summary
  • (es) El complemento Filter & Grids de WordPress anterior a 2.8.33 es vulnerable a la inclusión de archivos locales a través del parámetro post_layout. Esto hace posible que un atacante no autenticado incluya y ejecute archivos PHP en el servidor, permitiendo la ejecución de cualquier código PHP en esos archivos.

18 Jul 2024, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-18 06:15

Updated : 2024-11-21 09:49


NVD link : CVE-2024-6164

Mitre link : CVE-2024-6164

CVE.ORG link : CVE-2024-6164


JSON object : View

Products Affected

ymc-22

  • filter_\&_grids
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')