The Popup More Popups, Lightboxes, and more popup modules plugin for WordPress is vulnerable to Local File Inclusion in version 2.1.6 via the ycfChangeElementData() function. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files ending with "Form.php" on the server , allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-02-02T11:34:14.634Z
Updated: 2024-08-01T18:18:18.686Z
Reserved: 2024-01-23T21:42:28.986Z
Link: CVE-2024-0844
Vulnrichment
Updated: 2024-08-01T18:18:18.686Z
NVD
Status : Modified
Published: 2024-02-02T12:15:49.000
Modified: 2024-11-21T08:47:29.657
Link: CVE-2024-0844
Redhat
No data.