Path Traversal Vulnerability in Classic Addons for WPBakery Page Builder by Classic Addons
CVE-2024-56286

7.5HIGH

Key Information:

Vendor: WordPress
Status: Classic Addons – WPbakery Page Builder
Vendor: CVE Published:; 7 January 2025

Summary

A vulnerability exists in the Classic Addons – WPBakery Page Builder that allows attackers to exploit improper pathname restrictions leading to Local File Inclusion (LFI). This issue can enable unauthorized access to local files in the web server, potentially exposing sensitive information.

Affected Version(s)

Classic Addons – WPBakery Page Builder <= 3.0

References

https://patchstack.com/database/wordpress/plugin/classic-...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 7, 2025
Vulnerability Reserved
Dec 18, 2024

Credit

João Pedro S Alcântara (Kinorth) (Patchstack Alliance)