- Description
- The Store Locator for WordPress with Google Maps – LotsOfLocales plugin for WordPress is vulnerable to Local File Inclusion in version 3.98.9 via the 'sl_engine' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
- Source
- security@wordfence.com
- NVD status
- Received
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@wordfence.com
- CWE-98
- Hype score
- Not currently trending
CVE-2024-12571 (CVSS:9.8, CRITICAL) is Awaiting Analysis. The Store Locator for WordPress with Google Maps – LotsOfLocales plugin for WordPress is vulnerable to Local File Inclus..https://t.co/YaVsNzeUiT #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
25 Dec 2024
CVE-2024-12571 Local File Inclusion Vulnerability in LotsOfLocales WordPress Plugin The Store Locator for WordPress – LotsOfLocales plugin has a Local File Inclusion vulnerability in version 3.98.9. The issue com... https://t.co/5YB6lnA7l8
@VulmonFeeds
20 Dec 2024
[CVE-2024-12571: CRITICAL] WordPress Store Locator plugin v3.98.9 is vulnerable to Local File Inclusion via 'sl_engine' parameter, letting attackers execute arbitrary PHP code, bypass access controls & access sen...#cybersecurity,#vulnerability https://t.co/J06kZZiybW https:/
@CveFindCom
20 Dec 2024
CVE-2024-12571 The Store Locator for WordPress with Google Maps – LotsOfLocales plugin for WordPress is vulnerable to Local File Inclusion in version 3.98.9 via the 'sl_engine' para… https://t.co/bghlxCpM5u
@CVEnew
20 Dec 2024