Arbitrary File Inclusion Vulnerability in Responsive Owl Carousel for Elementor

CVE-2024-5345

What is CVE-2024-5345?

The Responsive Owl Carousel for Elementor plugin for WordPress is vulnerable to Local File Inclusion (LFI) in all versions up to and including 1.2.0 through the layout parameter. This vulnerability permits authenticated attackers with Contributor-level access or higher to include and execute arbitrary files on the server. The exploitation of this vulnerability enables the execution of PHP code contained in the included files, which can lead to bypassing access controls, accessing sensitive data, or achieving unauthorized code execution, particularly through the upload and inclusion of files masquerading as safe images and other file types. The vulnerability is particularly concerning as it is limited to PHP files that can be executed on the server.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References