WordPress Sogrid <=1.5.2 Local File Inclusion Vulnerability (CVE-2024-8392)

From this webpage screenshot, the following key vulnerability information can be obtained: 1. Vulnerability Name: WordPress Post Grid Layouts with Pagination - Sogrid <= 1.5.2 - Authenticated (Admin+) Local File Inclusion 2. Vulnerability Description: - Describes a Local File Inclusion (LFI) vulnerability present in all versions of the Sogrid plugin (<= 1.5.2). - The vulnerability allows attackers with administrator or higher privileges to bypass access controls via the parameter, enabling them to retrieve sensitive data or, in some cases, execute arbitrary PHP code. 3. Vulnerability Severity: CVSS 7.2 (High) 4. Public Release Date: October 25, 2024 5. Last Updated Date: October 26, 2024 6. Researcher: paulmockford 7. Affected Versions: <= 1.5.2 8. Fix Status: No known fix available. 9. Vulnerability Type: Improper Control of Filename for Include/Require Statement in PHP Program (PHP Remote File Inclusion) 10. CVE ID: CVE-2024-8392 11. CVSS Score: 7.2 (High) 12. Public Release Date: October 25, 2024 13. Last Updated Date: October 26, 2024 14. Researcher: paulmockford 15. Affected Versions: <= 1.5.2 16. Fix Status: No known fix available. 17. Vulnerability Type: Improper Control of Filename for Include/Require Statement in PHP Program (PHP Remote File Inclusion) 18. CVE ID: CVE-2024-8392 19. CVSS Score: 7.2 (High) 20. Public Release Date: October 25, 2024 21. Last Updated Date: October 26, 2024 22. Researcher: paulmockford 23. Affected Versions: <= 1.5.2 24. Fix Status: No known fix available. 25. Vulnerability Type: Improper Control of Filename for Include/Require Statement in PHP Program (PHP Remote File Inclusion) 26. CVE ID: CVE-2024-8392 27. CVSS Score: 7.2 (High) 28. Public Release Date: October 25, 2024 29. Last Updated Date: October 26, 2024 30. Researcher: paulmockford 31. Affected Versions: <= 1.5.2 32. Fix Status: No known fix available. 33. Vulnerability Type: Improper Control of Filename for Include/Require Statement in PHP Program (PHP Remote File Inclusion) 34. CVE ID: CVE-2024-8392 35. CVSS Score: 7.2 (High) 36. Public Release Date: October 25, 2024 37. Last Updated Date: October 26, 2024 38. Researcher: paulmockford 39. Affected Versions: <= 1.5.2 40. Fix Status: No known fix available. 41. Vulnerability Type: Improper Control of Filename for Include/Require Statement in PHP Program (PHP Remote File Inclusion) 42. CVE ID: CVE-2024-8392 43. CVSS Score: 7.2 (High) 44. Public Release Date: October 25, 2024 45. Last Updated Date: October 26, 2024 46. Researcher: paulmockford 47. Affected Versions: <= 1.5.2 48. Fix Status: No known fix available. 49. Vulnerability Type: Improper Control of Filename for Include/Require Statement in PHP Program (PHP Remote File Inclusion) 50. CVE ID: CVE-2024-8392 51. CVSS Score: 7.2 (High) 52. Public Release Date: October 25, 2024 53. Last Updated Date: October 26, 2024 54. Researcher: paulmockford 55. Affected Versions: <= 1.5.2 56. Fix Status: No known fix available. 57. Vulnerability Type: Improper Control of Filename for Include/Require Statement in PHP Program (PHP Remote File Inclusion) 58. CVE ID: CVE-2024-8392 59. CVSS Score: 7.2 (High) 60. Public Release Date: October 25, 2024 61. Last Updated Date: October 26, 2024 62. Researcher: paulmockford 63. Affected Versions: <= 1.5.2 64. Fix Status: No known fix available. 65. Vulnerability Type: Improper Control of Filename for Include/Require Statement in PHP Program (PHP Remote File Inclusion) 66. CVE ID: CVE-2024-8392 67. CVSS Score: 7.2 (High) 68. Public Release Date: October 25, 2024 69. Last Updated Date: October 26, 2024 70. Researcher: paulmockford 71. Affected Versions: <= 1.5.2 72. Fix Status: No known fix available. 73. Vulnerability Type: Improper Control of Filename for Include/Require Statement in PHP Program (PHP Remote File Inclusion) 74. CVE ID: CVE-2024-8392 75. CVSS Score: 7.2 (High) 76. Public Release Date: October 25, 2024 77. Last Updated Date: October 26, 2024 78. Researcher: paulmockford 79. Affected Versions: <= 1.5.2 80. Fix Status: No known fix available. 81. Vulnerability Type: Improper Control of Filename for Include/Require Statement in PHP Program (PHP Remote File Inclusion) 82. CVE ID: CVE-2024-8392 83. CVSS Score: 7.2 (High) 84. Public Release Date: October 25, 2024 85. Last Updated Date: October 26, 2024 86. Researcher: paulmockford 87. Affected Versions: <= 1.5.2 88. Fix Status: No known fix available. 89. Vulnerability Type: Improper Control of Filename for Include/Require Statement in PHP Program (PHP Remote File Inclusion) 90. CVE ID: CVE-2024-8392 91. CVSS Score: 7.2 (High) 92. Public Release Date: October 25, 2024 93. Last Updated Date: October 26, 2024 94. Researcher: paulmockford 95. Affected Versions: <= 1.5.2 96. Fix Status: No known fix available. 97. Vulnerability Type: Improper Control of Filename for Include/Require Statement in PHP Program (PHP Remote File Inclusion) 98. CVE ID: CVE-2024-8392 99. CVSS Score: 7.2 (High) 100. Public Release Date: October 25, 2024 10

Goal Reached Thanks to every supporter — we hit 100%!

WordPress Sogrid <=1.5.2 Local File Inclusion Vulnerability (CVE-2024-8392)

More from this source