CVE-2025-24782

Name of the Vulnerable Software and Affected Versions wpWax Post Grid, Slider & Carousel Ultimate versions 1.6.10 and earlier

Description The issue affects the wpWax Post Grid, Slider & Carousel Ultimate plugin for WordPress, allowing PHP Local File Inclusion due to improper control of filename for include/require statement in PHP program. This can enable a remote attacker to gain unauthorized access to protected information.

Recommendations For versions 1.6.10 and earlier, update to a version later than 1.6.10 to resolve the issue. As a temporary workaround, consider disabling the include or require functions in the affected plugin until a patch is available. Restrict access to sensitive files and directories to minimize the risk of exploitation.