PHP Local File Inclusion Vulnerability in Dynamic Web Lab WooCommerce Product Slider
CVE-2024-56230

7.5HIGH

Key Information:

Vendor: WordPress
Status: Dynamic Product Category Grid, Slider For WooCommerce
Vendor: CVE Published:; 31 December 2024

Summary

A vulnerability affecting Dynamic Web Lab’s Dynamic Product Category Grid and Slider for WooCommerce arises from improper control of the filename during PHP include or require statements. This flaw permits a form of PHP Local File Inclusion, where unauthorized access to local files may occur, thereby exposing sensitive information or allowing further exploits. The issue affects versions from n/a up to and including 1.1.3, emphasizing the need for users to review their installations and implement necessary security updates.

Affected Version(s)

Dynamic Product Category Grid, Slider for WooCommerce <= 1.1.3

References

https://patchstack.com/database/wordpress/plugin/dynamic-...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 31, 2024
Vulnerability Reserved
Dec 18, 2024

Credit

João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance)