Directory Traversal Vulnerability in HT Mega's Absolute Addons For Elementor Plugin
CVE-2024-1974

6.5MEDIUM

Key Information:

Vendor: Wordpress
Status: Ht Mega – Absolute Addons For Elementor
Vendor: CVE Published:; 9 April 2024

What is CVE-2024-1974?

The HT Mega – Absolute Addons For Elementor plugin for WordPress is affected by a Directory Traversal vulnerability present in all versions up to and including 2.4.6. This flaw exists in the render function, enabling authenticated attackers with contributor access or higher to exploit the vulnerability. Successful exploitation can lead to unauthorized access to sensitive files on the server, potentially exposing critical information. It is essential for users and administrators of the affected versions to apply updates to mitigate this security risk.

Affected Version(s)

HT Mega – Absolute Addons For Elementor * <= 2.4.6

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/ht-mega-for-el...

https://plugins.trac.wordpress.org/changeset/3048999/ht-m...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 9, 2024
Vulnerability Reserved
Feb 28, 2024

Credit

Craig Smith