JetElements Plugin Vulnerable to Local File Inclusion Attacks
CVE-2024-7145
8.8HIGH
What is CVE-2024-7145?
The JetElements plugin for WordPress contains a Local File Inclusion vulnerability due to inadequate validation of the 'progress_type' parameter. This flaw is present in all versions up to and including 2.6.20. It allows authenticated attackers with Contributor-level access or higher to include and execute arbitrary files on the server. This capability could potentially lead to the execution of PHP code contained in those files, bypass access controls, and expose sensitive data. The risk is particularly pronounced in scenarios where attackers can upload what appear to be harmless files, such as images.
Affected Version(s)
JetElements * <= 2.6.20