Lucene search

[email protected]CVE-2024-37479

HistoryJul 02, 2024 - 8:15 a.m.

CVE-2024-37479

2024-07-0208:15:06

[email protected]

web.nvd.nist.gov

file inclusion

la-studio

element kit

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Local File Inclusion vulnerability in LA-Studio LA-Studio Element Kit for Elementor via “LaStudioKit Progress Bar” widget in New Post, specifically in the “progress_type” attribute.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.8.1.

Affected configurations

Vulners

Node

la-studiola-studio_element_kit_for_elementorRange≤1.3.8.1

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "lastudio-element-kit",
    "product": "LA-Studio Element Kit for Elementor",
    "vendor": "LA-Studio",
    "versions": [
      {
        "changes": [
          {
            "at": "1.3.9",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.3.8.1",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/lastudio-element-kit/wordpress-la-studio-element-kit-for-elementor-plugin-1-3-8-1-local-file-inclusion-vulnerability?_s_id=cve

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for CVE-2024-37479

vulnrichment1 cvelist1 nvd1