Path Traversal Vulnerability in JetWidgets for Elementor and WooCommerce
CVE-2024-38772

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Jetwidgets For Elementor And WooCommerce
Vendor: CVE Published:; 1 August 2024

What is CVE-2024-38772?

A path traversal vulnerability in JetWidgets for Elementor and WooCommerce allows attackers to manipulate file paths, potentially enabling PHP Local File Inclusion. This security flaw can lead to unauthorized access to sensitive files on the server, posing a significant risk to affected installations. Immediate updates and security measures are crucial to protect your WordPress site from exploitation.

Affected Version(s)

JetWidgets for Elementor and WooCommerce <= 1.1.7

References

https://patchstack.com/database/vulnerability/jetwoo-widg...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 1, 2024

CVE-2024-38772 Data

JSON