CVE-2024-11642
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Jan 9, 2025
CWE ID 22
Summary
CVE-2024-11642 is a vulnerability affecting the Post Grid Master plugin for WordPress, impacting versions up to 3.4.12. The 'locate_template' function in this plugin is the root cause, enabling unauthenticated attackers to include and execute arbitrary PHP files on the server. By exploiting this Local File Inclusion vulnerability, attackers can bypass access controls, obtain sensitive data, or execute code, posing a significant risk. To exploit the vulnerability, the attacker only needs to include a file with a .php extension.
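The following added example (not the plugin's code and not its actual patch) shows how a request-supplied template name can be resolved to a `.php` file without allowing path traversal. The function name `resolve_template`, the allowlist contents and the demo directory layout are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not the plugin's code): map a request-supplied template
// name to a file that is guaranteed to live inside $baseDir.
function resolve_template(string $requested, string $baseDir, array $allowed): ?string
{
    // Layer 1, allowlist: only template names the plugin ships are accepted.
    if (!in_array($requested, $allowed, true)) {
        return null;
    }
    // Layer 2, containment: canonicalise both paths (resolving "..", symlinks)
    // and require the result to stay under the template directory.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($base === false || $path === false) {
        return null; // directory or file does not exist
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null; // resolved outside the template directory
    }
    return $path;
}

// Constructed demo layout: <tmp>/templates/grid.php and <tmp>/secret.php
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tpl_demo_' . bin2hex(random_bytes(4));
$tplDir = $root . DIRECTORY_SEPARATOR . 'templates';
mkdir($tplDir, 0700, true);
file_put_contents($tplDir . DIRECTORY_SEPARATOR . 'grid.php', "<?php // layout\n");
file_put_contents($root . DIRECTORY_SEPARATOR . 'secret.php', "<?php // outside\n");

// Constructed inputs: one valid name, two traversal attempts, one unknown name.
foreach (['grid', '../secret', 'grid/../../secret', 'missing'] as $name) {
    $resolved = resolve_template($name, $tplDir, ['grid', 'list']);
    printf("%-20s => %s\n", $name, $resolved ?? 'rejected');
}

// Remove the demo files again.
unlink($tplDir . DIRECTORY_SEPARATOR . 'grid.php');
unlink($root . DIRECTORY_SEPARATOR . 'secret.php');
rmdir($tplDir);
rmdir($root);
```

Only `grid` resolves to a path; the other three inputs are rejected before any `include` could run.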