CVE-2024-1790

MEDIUM Year: 2024
CVSS v3 Score
4.9
Medium
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 7.0.1 via the 'type' parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. This is limited to Windows instances.

Related Vulnerabilities

CVE-2016-3424

MEDIUM
CVSS:4.9(Medium)

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.

NVD-CWE-Other2016

CVE-2016-3459

MEDIUM
CVSS:4.9(Medium)

Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via ...

NVD-CWE-Other2016

CVE-2016-3495

MEDIUM
CVSS:4.9(Medium)

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.

NVD-CWE-Other2016

CVE-2016-3520

MEDIUM
CVSS:4.9(Medium)

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentiality via ve...

NVD-CWE-Other2016

CVE-2016-5436

MEDIUM
CVSS:4.9(Medium)

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.

NVD-CWE-Other2016

CVE-2016-5437

MEDIUM
CVSS:4.9(Medium)

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log.

NVD-CWE-Other2016