CVE-2024-1358

2024-03-1316:15:19

Wordfence

web.nvd.nist.gov

cve-2024-1358

elementor

wordpress

directory traversal

security vulnerability

nvd

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

Percentile

15.5%

JSON

The Elementor Addon Elements plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.12.12 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to include the contents of arbitrary PHP files on the server, which may expose sensitive information.

Affected configurations

Vulners

Vulnrichment

Node

webtechstreetelementor_addon_elementsRange≤1.12.12wordpress

VendorProductVersionCPE
webtechstreetelementor_addon_elements*cpe:2.3:a:webtechstreet:elementor_addon_elements:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
webtechstreet	elementor_addon_elements	*	cpe:2.3:a:webtechstreet:elementor_addon_elements::::::wordpress::*

CNA Affected

[
  {
    "vendor": "webtechstreet",
    "product": "Elementor Addon Elements",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "1.12.12",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]