CVE-2024-12859

CVSSv4: NA | CVSSv3: 8.8 | CVSSv2: NA | VMScore: 980 | EPSS: 0.00131 | KEV: Not Included
Published: 03/02/2025 Updated: 03/02/2025

Vulnerability Summary

Local File Inclusion in WordPress BoomBox Theme Extensions Plugin via Shortcode

The BoomBox Theme Extensions plugin for WordPress has a Local File Inclusion vulnerability in versions up to and including 1.8.0. The vulnerability exists in the 'boombox_listing' shortcode's 'type' attribute. An authenticated attacker with contributor-level or higher permissions can potentially include and execute arbitrary files on the server. This security issue allows attackers to bypass access controls, access sensitive data, and potentially execute PHP code if PHP file uploads are permitted. The vulnerability presents a significant risk to WordPress sites using this plugin, as it enables unauthorized file inclusion and execution.

Vulnerable Product

px-lab boombox theme extensions