Log out
Get PRO

Latest

Input validation vulnerability in News & Blog Designer Pack – WordPress Blog Plugin — (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry) 3.4.1

  • Severity: high-risk
  • Status: Fixed
  • Publication: October 26, 2023

The News & Blog Designer Pack – WordPress Blog Plugin is a plugin for WordPress websites that allows users to design their blog posts. Unfortunately, it has been discovered that all versions of the plugin up to and including 3.4.1 contain a vulnerability that allows unauthorised attackers to run code on the WordPress website. This vulnerability is known as Remote Code Execution via Local File Inclusion. It is caused by the plugin not filtering the input it receives from attackers, meaning that attackers can include malicious files. On certain WordPress configurations, this can allow attackers to gain full control of the website.

Detected in:

Blog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, News fixed vulnerable versions:
Blog Grid & Post Grid – Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry, Category Post Grid By News & Blog Designer Pack fixed vulnerable versions:
Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry, Category Post Grid By News & Blog Designer Pack fixed vulnerable versions:
News & Blog Designer Pack – WordPress Blog Plugin — (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry) fixed vulnerable versions: >= * <= 3.4.1

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.