Command Injection Vulnerability in Consulting Elementor Widgets
CVE-2024-37091

8.8 HIGH

What is CVE-2024-37091?

A command injection vulnerability exists in StylemixThemes Consulting Elementor Widgets and Masterstudy Elementor Widgets that allows attackers to execute arbitrary commands on the host operating system. This can lead to severe security breaches, including unauthorized access to sensitive data and control of the system. The flaw is attributed to improper neutralization of special elements in user-supplied input. Versions prior to 1.3.0 of Consulting Elementor Widgets and 1.2.2 of Masterstudy Elementor Widgets are affected; updating and patching immediately is critical to guard against exploitation.

Affected Version(s)

Consulting Elementor Widgets <= 1.3.0

Masterstudy Elementor Widgets <= 1.2.2

EPSS Score

9% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rafie Muhammad (Patchstack)