Vulnerabilities > Inclusion of Functionality from Untrusted Control Sphere
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-12 | CVE-2024-4359 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Bdthemes Element Pack. The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 5.7.2 via the SVG widget and a lack of sufficient file validation in the render_svg function. | 6.5 |
2024-07-22 | CVE-2024-29073 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Ankiweb Anki 24.04. A vulnerability in the handling of LaTeX exists in Ankitects Anki 24.04. | 6.5 |
2024-06-10 | CVE-2024-35650 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Melapress Login Security. Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security allows PHP Remote File Inclusion. This issue affects MelaPress Login Security: from n/a through 1.3.0. | 7.2 |
2024-06-04 | CVE-2024-35629 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Wow-Company Easy Digital Downloads 1.0.2. Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Easy Digital Downloads – Recent Purchases allows PHP Remote File Inclusion. This issue affects Easy Digital Downloads – Recent Purchases: from n/a through 1.0.2. | 9.8 |
2023-12-23 | CVE-2023-6971 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Backupbliss Backup Migration. The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. | 9.8 |
2023-10-30 | CVE-2023-45798 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Yettiesoft Vestcert 2.3.6/2.5.29. In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists due to improper validation of third-party modules. | 9.8 |
2023-10-26 | CVE-2023-33559 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Ocomon Project Ocomon 3.3/4.0. A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows attackers to execute arbitrary code by supplying a crafted PHP file. | 8.8 |
2023-10-20 | CVE-2023-4488 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Hynotech Dropbox Folder Share 1.9.7. The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. | 9.8 |
2023-10-20 | CVE-2023-5523 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in M-Files web Companion 23.8. Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution. | 7.8 |
2023-09-05 | CVE-2023-2453 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in PHP-Fusion PHPfusion. There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a ‘require_once’ statement. | 8.8 |