Manipulating Web Input to File System Calls Vulnerability
CVE-2024-24934

8.1HIGH

Key Information:

Vendor: WordPress
Status: Elementor Website Builder
Vendor: CVE Published:; 17 May 2024

Summary

A vulnerability exists in Elementor Website Builder allowing attackers to manipulate web input to execute unauthorized file system calls through improper limitation of a pathname to a restricted directory. This can lead to path traversal attacks, posing security risks for websites using Elementor versions up to 3.19.0. Users of this plugin should be aware of potential exploitation avenues that may compromise their site integrity and data security.

Affected Version(s)

Elementor Website Builder <= 3.19.0

References

https://patchstack.com/database/vulnerability/elementor/w...

vdb-entry

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 17, 2024
Vulnerability Reserved
Feb 1, 2024

Credit

Rhynorater (Justin Gardner)