CVE-2024-43232 – WordPress Timeline and History slider plugin <= 2.3 - Local File Inclusion vulnerability

https://notcve.org/view.php?id=CVE-2024-43232

09 Aug 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP OnlineSupport, Essential Plugin Timeline and History slider allows PHP Local File Inclusion.This issue affects Timeline and History slider: from n/a through 2.3. The Timeline and History slider plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.3 via the 'design' attribute of the plugin's shortcode. This makes it possible for authenticated attackers, with Contrib... • https://patchstack.com/database/vulnerability/timeline-and-history-slider/wordpress-timeline-and-history-slider-plugin-2-3-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •