Command Injection Vulnerability in Consulting Elementor Widgets
CVE-2024-37091
Key Information:
- Vendor: WordPress
- CVE Published: 24 June 2024
What is CVE-2024-37091?
A command injection vulnerability exists in StylemixThemes Consulting Elementor and Masterstudy Elementor Widgets that allows attackers to execute arbitrary commands on the host operating system. This can lead to severe security breaches, including unauthorized access to sensitive data and system control. The flaw is attributed to improper neutralization of special elements in user-supplied inputs. Versions prior to 1.3.0 for Consulting Elementor Widgets and 1.2.2 for Masterstudy Elementor Widgets are affected, highlighting a critical need for immediate updates and patches to safeguard against potential exploitation.
Affected Version(s)
Consulting Elementor Widgets <= 1.3.0
Masterstudy Elementor Widgets <= 1.2.2
EPSS Score
9% chance of being exploited in the next 30 days.