CVE-2024-35650
WordPress MelaPress Login Security plugin <= 1.3.0 - Remote File Inclusion vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security allows PHP Remote File Inclusion.This issue affects MelaPress Login Security: from n/a through 1.3.0.
Control inadecuado del nombre de archivo para la declaración Incluir/Requerir en el programa PHP ('Inclusión remota de archivos PHP') vulnerabilidad en Melapress MelaPress Login Security permite la inclusión remota de archivos PHP. Este problema afecta la seguridad de inicio de sesión de MelaPress: desde n/a hasta 1.3.0.
The MelaPress Login Security plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.3.0 via the 'tab' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files hosted on remote servers, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution. This requires the site to have the allow_url_include setting to be enabled.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-05-17 CVE Reserved
- 2024-06-03 CVE Published
- 2024-06-13 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
- CWE-829: Inclusion of Functionality from Untrusted Control Sphere
CAPEC
- CAPEC-193: PHP Remote File Inclusion
References (1)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Melapress Search vendor "Melapress" | Melapress Login Security Search vendor "Melapress" for product "Melapress Login Security" | < 1.3.1 Search vendor "Melapress" for product "Melapress Login Security" and version " < 1.3.1" | wordpress |
Affected
|