Lucene search
PatchstackCVE-2024-43138HistoryAug 13, 2024 - 12:15 p.m.
CVE-2024-43138
2024-08-1312:15:06
CWE-22
Patchstack
web.nvd.nist.gov
23
cve-2024-43138
improper limitation
path traversal
magepeople team
event manager
woocommerce
php
local file inclusion
security vulnerability
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
19.7%
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in MagePeople Team Event Manager for WooCommerce allows PHP Local File Inclusion.This issue affects Event Manager for WooCommerce: from n/a through 4.2.1.
Affected configurations
Node
mage-peopleevent_manager_and_tickets_selling_for_woocommerceRange<4.2.2wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mage-people | event_manager_and_tickets_selling_for_woocommerce | * | cpe:2.3:a:mage-people:event_manager_and_tickets_selling_for_woocommerce:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "mage-eventpress",
"product": "Event Manager for WooCommerce",
"vendor": "MagePeople Team",
"versions": [
{
"changes": [
{
"at": "4.2.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.2.1",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2024-43138
2024-08-13 12:15:06
vulnrichment
vulnrichment
cvelist
cvelist
wordfence
wordfence
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
19.7%
Related for CVE-2024-43138