27Oca
CVE-2025-24782 | wpWax Post Grid, Slider & Carousel Ultimate Plugin up to 1.6.10 on WordPress filename control
A vulnerability was found in wpWax Post Grid, Slider & Carousel Ultimate Plugin up to 1.6.10 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is known as CVE-2025-24782. The attack can be launched remotely. There is no exploit available.