Lucene search
PatchstackCVELIST:CVE-2024-35677HistoryJun 10, 2024 - 3:46 p.m.
CVE-2024-35677 WordPress MegaMenu plugin <= 2.3.12 - Unauthenticated Local File Inclusion vulnerability
2024-06-1015:46:27
CWE-22
Patchstack
www.cve.org
5
cve-2024-35677
wordpress
megamenu
unauthenticated
local file inclusion
path traversal
stylemixthemes
CVSS3
9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS
0.001
Percentile
39.4%
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in StylemixThemes MegaMenu allows PHP Local File Inclusion.This issue affects MegaMenu: from n/a through 2.3.12.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "MegaMenu",
"vendor": "StylemixThemes",
"versions": [
{
"changes": [
{
"at": "2.3.13",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.3.12",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2024-35677
2024-06-10 16:15:15
vulnrichment
vulnrichment
wpvulndb
wpvulndb
MegaMenu < 2.3.13 - Unauthenticated Local File Inclusion
2024-06-13 00:00:00
nvd
nvd
CVE-2024-35677
2024-06-10 16:15:15
wordfence
wordfence
CVSS3
9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS
0.001
Percentile
39.4%
Related for CVELIST:CVE-2024-35677