PHP Remote File Inclusion Vulnerability
CVE-2024-53824

7.5HIGH

Key Information:

Vendor: WordPress
Status: All Bootstrap Blocks
Vendor: CVE Published:; 6 December 2024

Summary

The AREOI All Bootstrap Blocks plugin is susceptible to a PHP Local File Inclusion vulnerability caused by improper control of filenames during Include/Require statements. This security flaw potentially allows unauthorized access to sensitive files on the server, leading to serious data breaches or system compromise. The vulnerability specifically impacts the All Bootstrap Blocks versions from n/a to 1.3.19, highlighting the need for immediate action to mitigate risks associated with unpatched installations.

Affected Version(s)

All Bootstrap Blocks <= 1.3.19

References

https://patchstack.com/database/wordpress/plugin/all-boot...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 6, 2024
Vulnerability Reserved
Nov 22, 2024

Credit

Ngô Thiên An (ancorn_ from VNPT-VCI) (Patchstack Alliance)