WordPress Plugin Security Update Advisory (CVE-2024-12040)

Overview

 

An update has been released to address a vulnerability in a WordPress plugin. Users of the affected versions are advised to update to the latest version.

Affected Products

 

 

CVE-2024-12040

  • Product Carousel Slider & Grid Ultimate for WooCommerce: versions up to and including 1.9.10

Resolved Vulnerabilities

 

A local file inclusion (LFI) vulnerability that allows an authenticated attacker with at least Contributor-level access to include arbitrary files on the server and execute any PHP code in those files (CVE-2024-12040)

Vulnerability Patches

Patches for the vulnerability are available in the latest update. Follow the instructions on the referenced sites to update to the patched version.

CVE-2024-12040

  • Product Carousel Slider & Grid Ultimate for WooCommerce version: 1.10.0
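
To check whether a site still runs an affected version, the following added example (not part of the original advisory or the plugin's code) reads the plugin's Version header from disk and compares it numerically, since a plain string comparison would order 1.10.0 before 1.9.10. The directory name is assumed to match the slug in the Wordfence URL [2]; the sample site tree is constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# Slug from the Wordfence URL in [2]; assumed to be the plugin's directory name.
PLUGIN_SLUG = "woo-product-carousel-slider-and-grid-ultimate"
LAST_AFFECTED = "1.9.10"          # advisory: up to and including 1.9.10
HEADER_BYTES = 8192               # WordPress reads headers from the first 8 KB
HDR = r"(?mi)^[ \t/*#@]*"         # comment decoration allowed before a header name

def parse_version(text):
    """Turn '1.9.10' into (1, 9, 10); trailing zeros dropped so 1.10.0 == 1.10."""
    parts = [int(n) for n in re.match(r"[\d.]*", text).group().split(".") if n]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def read_plugin_version(plugin_dir):
    """Return the Version header of the plugin's main file, or None."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_bytes()[:HEADER_BYTES].decode("utf-8", "replace")
        # Only the main plugin file carries a "Plugin Name:" header.
        if re.search(HDR + "Plugin Name:", head) and (m := re.search(HDR + r"Version:[ \t]*(\S+)", head)):
            return m.group(1)
    return None

def check_site(wp_root):
    """Classify one install: not-installed, unknown, affected or patched."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / PLUGIN_SLUG
    if not plugin_dir.is_dir():
        return "not-installed"
    version = read_plugin_version(plugin_dir)
    if version is None:
        return "unknown"
    if parse_version(version) <= parse_version(LAST_AFFECTED):
        return f"affected ({version})"
    return f"patched ({version})"

def make_sample_site(version):
    """Build a constructed WordPress tree in a temp dir (sample data only)."""
    root = Path(tempfile.mkdtemp())
    d = root / "wp-content" / "plugins" / PLUGIN_SLUG
    d.mkdir(parents=True)
    (d / "helper.php").write_text("<?php // no plugin header here\n")
    (d / "main.php").write_text(f"<?php\n/**\n * Plugin Name: Sample\n * Version: {version}\n */\n")
    return root

if __name__ == "__main__":
    for v in ("1.9.10", "1.10.0"):
        print(v, "->", check_site(make_sample_site(v)))
```

On a real host, pass the WordPress root directory to check_site; a result of "unknown" means the header could not be read and the version should be confirmed in the admin dashboard.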

 

 

Referenced Sites

 

[1] CVE-2024-12040 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-12040

[2] Product Carousel Slider & Grid Ultimate for WooCommerce <= 1.9.10 – Authenticated (Contributor+) Local File Inclusion via ‘theme’

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woo-product-carousel-slider-and-grid-ultimate/product-carousel-slider-grid-ultimate-for-woocommerce-1910-authenticated-contributor-local-file-inclusion-via-theme