WordPress ShopBuilder – Elementor WooCommerce Builder Addons plugin <= 2.1.12 - Local File Inclusion vulnerability
CVE-2024-37520

8.8HIGH

Key Information:

Vendor

WordPress
Status
Shopbuilder – Elementor WooCommerce Builder Addons
Vendor
CVE Published:
9 July 2024

What is CVE-2024-37520?

A vulnerability exists in the ShopBuilder – Elementor WooCommerce Builder Addons by RadiusTheme that allows path traversal due to improper limitations on pathnames directed to restricted directories. This flaw enables an attacker to potentially access files outside of the intended directory, which could lead to unauthorized exposure of sensitive information. The issue is present in versions of the plugin from n/a to 2.1.12, making it essential for users to ensure they are updated to the latest version to mitigate the risk.

Affected Version(s)

ShopBuilder – Elementor WooCommerce Builder Addons <= 2.1.12

References

https://patchstack.com/database/vulnerability/shopbuilder...
vdb-entry

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

Credit

João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance)
JSON
.
CVE-2024-37520 : WordPress ShopBuilder – Elementor WooCommerce Builder Addons plugin <= 2.1.12 - Local File Inclusion vulnerability