cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-3808,https://securityvulnerability.io/vulnerability/CVE-2024-3808,Arbitrary File Inclusion Vulnerability in Porto Theme's Portfolio Layout Attribute,"The Porto Theme - Functionality plugin for WordPress is affected by a Local File Inclusion vulnerability, allowing authenticated attackers with contributor-level and higher permissions to include and execute arbitrary files on the server. This vulnerability arises through the 'porto_portfolios' shortcode's 'portfolio_layout' attribute, which can be manipulated to bypass access controls. Exploitation of this vulnerability could lead to the execution of PHP code contained in uploaded files, potentially compromising sensitive data and server integrity.",Wordpress,Porto Theme - Functionality,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-14T15:42:00.000Z,0
CVE-2024-3809,https://securityvulnerability.io/vulnerability/CVE-2024-3809,Arbitrary File Inclusion Vulnerability in Porto Theme's Slideshow Type Post Meta,"The Porto Theme - Functionality plugin for WordPress presents a Local File Inclusion vulnerability in all versions up to and including 3.0.9. This vulnerability arises through the 'slideshow_type' post meta, enabling authenticated users with contributor-level and above permissions to include and execute arbitrary files on the server. This capability poses significant risks, such as unauthorized file execution and potential bypassing of access controls. Exploiting this vulnerability allows attackers to execute any PHP code embedded within the uploaded files, leading to sensitive data exposure and compromise of the website's security.",Wordpress,Porto Theme - Functionality,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-14T15:42:00.000Z,0