CVE-2025-24782

High CVSS: 8.8

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Post Grid, Slider & Carousel Ultimate post-grid-carousel-ultimate allows PHP Local File Inclusion.This issue affects Post Grid, Slider & Carousel Ultimate: from n/a through <= 1.6.10.

Vendor

Wpwax

Product

Post Grid\, Slider \& Carousel Ultimate

CWE

CWE-98

Yayın Tarihi

2025-01-27 15:15:17

Güncelleme

2026-04-01 17:18:17

Source Identifier

audit@patchstack.com

KEV Date Added

Kategoriler

CWE-98 Post Grid\, Slider \& Carousel Ultimate HIGH Wpwax 2025

Referanslar

https://patchstack.com/database/Wordpress/Plugin/post-grid-carousel-ultimate/vulnerability/wordpress-post-grid-slider-carousel-ultimate-with-shortcode-gutenberg-block-elementor-widget-plugin-1-6-10-local-file-inclusion-vulnerability?_s_id=cve

Benzer Kayıtlar

High

CVE-2025-1570

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to…

Medium

CVE-2024-12041

The Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vul…

High

CVE-2024-13409

The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is v…