WordPress The Pack Elementor addons plugin <= 2.0.8.6 - Local File Inclusion vulnerability
CVE-2024-38768

8.8HIGH

Key Information:

Vendor: WordPress
Status: The Pack Elementor Addons
Vendor: CVE Published:; 1 August 2024

Summary

A Path Traversal vulnerability in The Pack Elementor addons by Webangon permits attackers to exploit improper limitations on pathname restrictions. This flaw enables potential PHP Local File Inclusion, which can allow unauthorized access to sensitive files on the server. The vulnerability affects The Pack Elementor addons versions n/a through 2.0.8.6, posing a significant risk for users failing to implement necessary security measures.

Affected Version(s)

The Pack Elementor addons <= 2.0.8.6

References

https://patchstack.com/database/vulnerability/the-pack-ad...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 1, 2024

Credit

João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance)