CVE-2024-35658

2024-06-1016:15:15

CWE-22

[email protected]

web.nvd.nist.gov

improper limitation

path traversal

themehigh checkout field editor

woocommerce

functionality misuse

file manipulation

security vulnerability

cve-2024-35658

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

0.0005 Low

EPSS

Percentile

18.1%

JSON

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows Functionality Misuse, File Manipulation.This issue affects Checkout Field Editor for WooCommerce (Pro): from n/a through 3.6.2.

Affected configurations

NVD

Node

themehighcheckout_field_editor_for_woocommerceRange<3.6.3prowordpress

References

patchstack.com/database/vulnerability/woocommerce-checkout-field-editor-pro/wordpress-checkout-field-editor-for-woocommerce-pro-plugin-3-6-2-unauthenticated-arbitrary-file-deletion-vulnerability?_s_id=cve