VR Calendar Vulnerable to Path Traversal and PHP Local File Inclusion
CVE-2024-44013

7.5 HIGH

Key Information:

Vendor: WordPress
CVE Published: 5 October 2024

Summary

A vulnerability exists in VR Calendar, developed by Innate Images LLC: a Path Traversal issue in the plugin's file inclusion. The flaw allows unauthorized access to local files via PHP Local File Inclusion, posing security risks to affected installations. It impacts versions of VR Calendar from n/a up to 2.4.0, so users should identify affected installations and remediate promptly to protect sensitive data.

Affected Version(s)

VR Calendar <= 2.4.0

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

tahu.datar (Patchstack Alliance)