cleantalk
Vulnerabilities and Security Researches

Responsive Owl Carousel for Elementor, CVE-2024-5345

CVE, Research URL

CVE-2024-5345

Home page URL

Security reports for Responsive Owl Carousel for Elementor

Application

Responsive Owl Carousel for Elementor

Published on
May 31, 2024
Research Description
The Responsive Owl Carousel for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.0 via the layout parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. The inclusion is limited to PHP files.
Affected versions
Min -, max 1.2.1.
Status
vulnerable
Previous vulnerability researches
Owl carousel responsive (CVE-2025-5590) , Jul 01, 2025
Responsive Owl Carousel for Elementor (CVE-2024-5345) , Jun 07, 2024
New vulnerability
SiteOrigin Widgets Bundle (CVE-2025-5585) , Jul 02, 2025
Plugin Inspector (CVE-2025-53298) , Jul 02, 2025
EZ SQL Reports Shortcode Widget and DB Backup (CVE-2025-6462) , Jul 01, 2025
Related Products Manager for WooCommerce (CVE-2025-50045) , Jul 01, 2025
web-cam (CVE-2025-6540) , Jul 01, 2025