wpvulndb WPVDB-ID:0B1BC082-3626-4248-956E-14BC7D37EBD4
History: May 01, 2024 - 12:00 a.m.

Element Pack Pro <= 7.7.4 - Authenticated (Contributor+) Arbitrary File Read and PHAR Deserialization

2024-05-01 00:00:00
wpscan.com
wordpress
element pack pro
directory traversal
authenticated
contributor+
phar deserialization
security vulnerability

CVSS3: 8.5

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score: 6.6 (Confidence: Low)

EPSS: 0 (Percentile: 10.5%)

Description: The Element Pack Pro - Addon for Elementor Page Builder plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.7.4. This makes it possible for authenticated attackers, with contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
