Vulnerabilities > Wpwax > Post Grid Slider Carousel Ultimate > 1.6.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-27 | CVE-2025-24782 | PHP Remote File Inclusion vulnerability in Wpwax Post Grid, Slider & Carousel Ultimate Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Post Grid, Slider & Carousel Ultimate allows PHP Local File Inclusion. | 8.8 |
| 2024-03-13 | CVE-2024-2006 | Deserialization of Untrusted Data vulnerability in Wpwax Post Grid, Slider & Carousel Ultimate The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.7 via deserialization of untrusted input in the outpost_shortcode_metabox_markup function. | 8.8 |