Lucene search
PatchstackCVE-2024-38772HistoryAug 01, 2024 - 9:15 p.m.
CVE-2024-38772
2024-08-0121:15:28
CWE-22
Patchstack
web.nvd.nist.gov
22
crocoblock jetwidgets
path traversal
elementor wc
php local file inclusion
cve-2024-38772
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0
Percentile
11.0%
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Crocoblock JetWidgets for Elementor and WooCommerce allows PHP Local File Inclusion.This issue affects JetWidgets for Elementor and WooCommerce: from n/a through 1.1.7.
Affected configurations
Node
crocoblockjetwidgets_for_elementorRange≤1.1.7wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| crocoblock | jetwidgets_for_elementor | * | cpe:2.3:a:crocoblock:jetwidgets_for_elementor:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "jetwoo-widgets-for-elementor",
"product": "JetWidgets for Elementor and WooCommerce",
"vendor": "Crocoblock",
"versions": [
{
"changes": [
{
"at": "1.1.8",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.1.7",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2024-38772
2024-08-01 21:15:28
cvelist
cvelist
vulnrichment
vulnrichment
wordfence
wordfence
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0
Percentile
11.0%
Related for CVE-2024-38772