Lucene search
PRIOn knowledge basePRION:CVE-2024-1358HistoryMar 13, 2024 - 4:15 p.m.
Directory traversal
2024-03-1316:15:00
PRIOn knowledge base
www.prio-n.com
2
directory traversal
wordpress
vulnerable plugin
php files
nvd
sensitive information
The Elementor Addon Elements plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.12.12 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to include the contents of arbitrary PHP files on the server, which may expose sensitive information.
References
plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.12.12/modules/shape-separator/widgets/shape-separator.php
plugins.trac.wordpress.org/changeset/3037925/addon-elements-for-elementor-page-builder/trunk/modules/shape-separator/widgets/shape-separator.php
www.wordfence.com/threat-intel/vulnerabilities/id/20cd3fff-0488-4bc2-961b-2427925e6a96?source=cve
Related
nvd
nvd
CVE-2024-1358
2024-03-13 16:15:19
cvelist
cvelist
CVE-2024-1358
2024-03-13 15:26:37
cve
cve
CVE-2024-1358
2024-03-13 16:15:19
wpvulndb
wpvulndb
Elementor Addon Elements < 1.13 - Contributor+ to LFI
2024-02-25 00:00:00
wordfence
wordfence