CVE-2024-35650

EPSS 0.56%
Veröffentlicht 10.06.2024 16:15:15
Zuletzt bearbeitet 23.04.2026 15:18:29
Quelle audit@patchstack.com
CVE-Watchlists
Login
Unerledigt
Login

WordPress MelaPress Login Security plugin <= 1.3.0 - Remote File Inclusion vulnerability

MelaPress Login Security <= 1.3.0 - Authenticated (Admin+) Remote File Inclusion

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security melapress-login-security.This issue affects MelaPress Login Security: from n/a through <= 1.3.0.

Mögliche Gegenmaßnahme

Melapress Login Security: Update to version 1.3.1, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Melapress ≫ Melapress Login Security SwPlatformwordpress Version < 1.3.1

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Melapress Login Security

Version *-1.3.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.56%	0.42

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
audit@patchstack.com	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE-829 Inclusion of Functionality from Untrusted Control Sphere

The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

https://patchstack.com/database/vulnerability/melapress-login-security/wordpress-melapress-login-security-plugin-1-3-0-remote-file-inclusion-vulnerability?_s_id=cve

Third Party Advisory

https://patchstack.com/database/Wordpress/Plugin/melapress-login-security/vulnerability/wordpress-melapress-login-security-plugin-1-3-0-remote-file-inclusion-vulnerability?_s_id=cve

https://www.wordfence.com/threat-intel/vulnerabilities/id/8b2afc70-6e93-4a7f-b452-c2481d25d8de

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-35650

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-35650

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-35650

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-35650