Path Traversal and Object Injection Vulnerability in Element Pack Pro
CVE-2024-33568

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Element Pack Pro
Vendor: CVE Published:; 4 June 2024

Summary

The vulnerability in BdThemes Element Pack Pro arises from an improper limitation of pathname to a restricted directory, commonly known as Path Traversal, combined with the deserialization of untrusted data. This flaw allows attackers to bypass directory restrictions, potentially facilitating unauthorized access to sensitive files on the server. The affected versions, from n/a up to 7.7.4, may also expose the system to object injection attacks, making it imperative for users to apply security patches and implement best practices to safeguard their installations.

Affected Version(s)

Element Pack Pro < 7.19.3

References

https://patchstack.com/database/vulnerability/bdthemes-el...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 4, 2024
Vulnerability Reserved
Apr 24, 2024

Credit

Rafie Muhammad (Patchstack)