Local File Inclusion Vulnerability in Themify Builder Product
CVE-2024-56216

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Themify Builder
Vendor: CVE Published:; 31 December 2024

Summary

A security vulnerability exists in the Themify Builder, a popular WordPress plugin. This vulnerability arises from an improper control of filenames during the inclusion or require statement in PHP scripts. Such a flaw allows for PHP Local File Inclusion, which can be exploited by an attacker to include files from the local server. By manipulating input parameters, unauthorized code execution can occur, leading to potential data exposure or system compromise. The vulnerability is present in versions from n/a through 7.6.3, making it crucial for users of this plugin to take appropriate measures to safeguard their applications.

Affected Version(s)

Themify Builder <= 7.6.3

References

https://patchstack.com/database/wordpress/plugin/themify-...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 31, 2024
Vulnerability Reserved
Dec 18, 2024

Credit

João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance)