PHP Remote File Inclusion Vulnerability Affects Cryptocurrency Widgets For Elementor

CVE-2024-53739

8.1HIGH

Key Information

Vendor: Cool Plugins
Status: Cryptocurrency Widgets For Elementor
Vendor: CVE Published:; 30 November 2024

Summary

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cool Plugins Cryptocurrency Widgets For Elementor allows PHP Local File Inclusion.This issue affects Cryptocurrency Widgets For Elementor: from n/a through 1.6.4.

Affected Version(s)

Cryptocurrency Widgets For Elementor <= 1.6.4

References

https://patchstack.com/database/wordpress/plugin/cryptocu...

vdb-entry

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 30, 2024
Vulnerability Reserved
Nov 22, 2024

Collectors

NVD DatabaseMitre Database

Credit

Zaidan Rizaki (Patchstack Alliance)