Path Traversal Vulnerability Affects Consulting Elementor Widgets
CVE-2024-37089

9.8 CRITICAL

Key Information:

Vendor: WordPress
CVE Published: 24 June 2024

Summary

A Path Traversal vulnerability exists in Consulting Elementor Widgets, developed by StylemixThemes. Insufficient pathname restrictions allow unauthorized attackers to perform PHP Local File Inclusion and access sensitive files on the server. The vulnerability affects all versions up to and including 1.3.0, so affected installations need to be updated or patched immediately.

Affected Version(s)

Consulting Elementor Widgets <= 1.3.0

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rafie Muhammad (Patchstack)