Post Grid, Slider & Carousel Ultimate Local File Inclusion Vulnerability

Vulnerability

A local file inclusion vulnerability has been identified in the Post Grid, Slider & Carousel Ultimate WordPress plugin, affecting all versions through 1.6.10. The vulnerability arises from the way the 'theme' attribute of the 'pgcu' shortcode is handled, which allows authenticated attackers with Contributor-level access or higher to include and execute arbitrary files on the server. Successful exploitation can be used to bypass access controls, read sensitive data, or execute PHP code in cases where PHP files can be uploaded and included.
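The defect class described above, as an added example that is not the plugin's own code: an illustrative shortcode handler that passes the attribute into include, beside a hardened handler that treats the theme attribute as a key into an allowlist and never as a path fragment, plus an audit helper a responder can run over exported post content. Only the shortcode name 'pgcu' and the attribute name 'theme' come from the advisory; the template directory, the theme names, the function names and the sample rows are assumptions made for this example.

```php
<?php
// Added example (not the plugin's own code). Shows the class of defect
// described in the advisory next to one hardened form, plus a small audit
// helper. The shortcode name 'pgcu' and attribute 'theme' come from the
// advisory; the template directory, the theme names and the function names
// are assumptions made for this example.

// Stand-in for WordPress's shortcode_atts() so the file runs outside WordPress.
if (!function_exists('shortcode_atts')) {
    function shortcode_atts(array $pairs, array $atts, string $shortcode = ''): array {
        $out = [];
        foreach ($pairs as $name => $default) {
            $out[$name] = array_key_exists($name, $atts) ? $atts[$name] : $default;
        }
        return $out;
    }
}

// Assumed templates directory and the fixed set of template names it holds.
define('PGCU_TEMPLATE_DIR', __DIR__ . '/templates');
const PGCU_ALLOWED_THEMES = ['grid', 'slider', 'carousel'];

// Vulnerable pattern (illustrative): the attribute value becomes part of the
// included path, so any readable file the value resolves to gets executed.
function pgcu_render_vulnerable(array $atts): string {
    $atts = shortcode_atts(['theme' => 'grid'], $atts, 'pgcu');
    ob_start();
    include PGCU_TEMPLATE_DIR . '/' . $atts['theme'] . '.php';
    return (string) ob_get_clean();
}

// Step 1 of the fix: treat the attribute as a key into a fixed set, never as a
// path fragment. Returns the normalised name, or null if it is not allowed.
function pgcu_normalise_theme(string $theme): ?string {
    $theme = strtolower(trim($theme));
    if (!preg_match('/^[a-z0-9_-]{1,32}$/', $theme)) {
        return null; // rejects '.', '/', '\\', NUL and anything else non-identifier
    }
    return in_array($theme, PGCU_ALLOWED_THEMES, true) ? $theme : null;
}

// Step 2: resolve to a file and confirm it lives under the templates directory.
// Redundant after step 1, but cheap insurance if the allowlist is ever relaxed.
function pgcu_resolve_theme(string $theme): ?string {
    $name = pgcu_normalise_theme($theme);
    if ($name === null) {
        return null;
    }
    $base = realpath(PGCU_TEMPLATE_DIR);
    $path = realpath(PGCU_TEMPLATE_DIR . '/' . $name . '.php');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

function pgcu_render_hardened(array $atts): string {
    $atts = shortcode_atts(['theme' => 'grid'], $atts, 'pgcu');
    $file = pgcu_resolve_theme((string) $atts['theme']);
    if ($file === null) {
        return '<!-- pgcu: unknown theme -->'; // fail closed, no fallback path
    }
    ob_start();
    include $file;
    return (string) ob_get_clean();
}

// Audit helper for responders: finds stored pgcu shortcodes whose theme
// attribute the allowlist would reject. Returns [post_id => attribute value].
function pgcu_audit_posts(array $posts): array {
    $findings = [];
    foreach ($posts as $id => $content) {
        if (!preg_match_all('/\[pgcu\b([^\]]*)\]/i', $content, $tags)) {
            continue;
        }
        foreach ($tags[1] as $attrString) {
            if (preg_match('/\btheme\s*=\s*["\']?([^"\'\s\]]+)/i', $attrString, $m)
                && pgcu_normalise_theme($m[1]) === null) {
                $findings[$id] = $m[1];
            }
        }
    }
    return $findings;
}

// Constructed sample rows standing in for post_content from wp_posts.
$sample = [
    101 => 'Intro [pgcu theme="grid" count="6"] text',
    102 => 'Odd one [pgcu theme="../../not-a-theme"]',
    103 => '[pgcu theme="SLIDER"]',
];
print_r(pgcu_audit_posts($sample));
```

Run it with the php command-line interpreter. With the constructed sample, only post 102 is reported: "SLIDER" normalises to an allowed name, while the traversal-style value fails the identifier check before it ever touches the file system. The point of the hardened form is that the attribute is validated as a name and mapped to a file the plugin controls; the realpath containment check is only a second layer behind the allowlist, not a substitute for it.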

Impact

Exploitation of this vulnerability could lead to unauthorized file inclusion, allowing execution of arbitrary PHP code on the server. This could be used to bypass access controls, access sensitive information, or execute malicious code, particularly in environments where PHP file uploads are permitted.

Remediation

Users are advised to update the Post Grid, Slider & Carousel Ultimate plugin to version 1.7 or later.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 10.0
exploitability: 6.1
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.