CVE-2024-13408 | wpwax Post Grid, Slider & Carousel Ultimate Plugin up to 1.6.10 on WordPress Shortcode pgcu filename control

CVE-2024-13408 | wpwax Post Grid, Slider & Carousel Ultimate Plugin up to 1.6.10 on WordPress Shortcode pgcu filename control

A vulnerability, which was classified as problematic, has been found in wpwax Post Grid, Slider & Carousel Ultimate Plugin up to 1.6.10 on WordPress. Affected by this issue is the function pgcu of the component Shortcode Handler. The manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is handled as CVE-2024-13408. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.