cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-3806,https://securityvulnerability.io/vulnerability/CVE-2024-3806,Porto Theme Vulnerable to Local File Inclusion Attacks,"The Porto Theme for WordPress is susceptible to a Local File Inclusion (LFI) vulnerability that affects all versions up to and including 7.1.0. The vulnerability is rooted in the 'porto_ajax_posts' function, which allows unauthenticated attackers to manipulate the inclusion of server files. This exploitation can lead to the execution of arbitrary PHP code included in those files, thereby bypassing standard access controls. Attackers can potentially access sensitive information or execute malicious code on the server by leveraging this flaw, especially in situations where PHP files can be uploaded and included.",Wordpress,Porto,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-14T15:42:00.000Z,0
CVE-2024-3807,https://securityvulnerability.io/vulnerability/CVE-2024-3807,Porto theme vulnerable to Local File Inclusion,"The Porto theme for WordPress contains a vulnerability that allows authenticated attackers, with contributor-level permissions and above, to perform Local File Inclusion (LFI) attacks. This vulnerability is triggered through the 'porto_page_header_shortcode_type', 'slideshow_type', and 'post_layout' post meta parameters, which enable the inclusion and execution of arbitrary files on the server. If exploited, attackers can bypass access controls, gain unauthorized access to sensitive data, and execute any PHP code contained within the included files. While this vulnerability was partially addressed in version 7.1.0, it received a full patch in version 7.1.1.",Wordpress,Porto,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-14T15:42:00.000Z,0
CVE-2024-3808,https://securityvulnerability.io/vulnerability/CVE-2024-3808,Arbitrary File Inclusion Vulnerability in Porto Theme's Portfolio Layout Attribute,"The Porto Theme - Functionality plugin for WordPress is affected by a Local File Inclusion vulnerability, allowing authenticated attackers with contributor-level and higher permissions to include and execute arbitrary files on the server. This vulnerability arises through the 'porto_portfolios' shortcode's 'portfolio_layout' attribute, which can be manipulated to bypass access controls. Exploitation of this vulnerability could lead to the execution of PHP code contained in uploaded files, potentially compromising sensitive data and server integrity.",Wordpress,Porto Theme - Functionality,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-14T15:42:00.000Z,0
CVE-2024-3809,https://securityvulnerability.io/vulnerability/CVE-2024-3809,Arbitrary File Inclusion Vulnerability in Porto Theme's Slideshow Type Post Meta,"The Porto Theme - Functionality plugin for WordPress presents a Local File Inclusion vulnerability in all versions up to and including 3.0.9. This vulnerability arises through the 'slideshow_type' post meta, enabling authenticated users with contributor-level and above permissions to include and execute arbitrary files on the server. This capability poses significant risks, such as unauthorized file execution and potential bypassing of access controls. Exploiting this vulnerability allows attackers to execute any PHP code embedded within the uploaded files, leading to sensitive data exposure and compromise of the website's security.",Wordpress,Porto Theme - Functionality,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-14T15:42:00.000Z,0