Path Traversal Vulnerability in Ultimate Bootstrap Elements for Elementor
CVE-2024-37462

8.5HIGH

Key Information:

Vendor: WordPress
Status: Ultimate Bootstrap Elements For Elementor
Vendor: CVE Published:; 9 July 2024

What is CVE-2024-37462?

The Ultimate Bootstrap Elements for Elementor by G5Theme has a vulnerability that allows Path Traversal due to improper limitations on pathname access to a restricted directory. This weakness could enable attackers to exploit the plugin, potentially gaining unauthorized access to files on the server through crafted requests. Affected versions range up to 1.4.2, highlighting the importance of updating to secure the plugin against this issue.

Affected Version(s)

Ultimate Bootstrap Elements for Elementor <= 1.4.2

References

https://patchstack.com/database/vulnerability/ultimate-bo...

vdb-entry

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2024

CVE-2024-37462 Data

JSON

WordPress

What is CVE-2024-37462?

Affected Version(s)

References

CVSS V3.1

Timeline