CVE-2024-52428
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-52428 is a newly disclosed vulnerability affecting the Scripteo Ads Booster plugin for WordPress, specifically versions from n/a to 1.12. This issue involves an Improper Control of Filename for Include/Require Statement in PHP code, which leads to a Local File Inclusion vulnerability. Attackers can exploit this flaw to load arbitrary files on the targeted server, potentially leading to serious security consequences. The PHP Remote File Inclusion technique is used to execute the attack. It is crucial for users to update their Ads Booster plugin as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.