PT-2024-37644 · Tradedoubler · The Grow By Tradedoubler

Project Black · Published 2024-08-15 · Updated 2024-08-29 · CVE-2024-6460

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

The Grow by Tradedoubler WordPress plugin versions 2.0.21 and earlier

Description

The issue allows attackers to include and execute PHP files on the server via the component parameter, enabling the execution of any PHP code in those files. This is a Local File Inclusion vulnerability.

Recommendations

For versions 2.0.21 and earlier, consider disabling the component parameter until a patch is available to prevent exploitation. Restrict access to sensitive PHP files to minimize the risk of execution. Update to a version later than 2.0.21 when available.

Related Identifiers

CVE-2024-6460

Affected Products

The Grow By Tradedoubler