Lucene search

WpvulndbWPVDB-ID:9C12485E-881C-4719-BFB5-723AD95CF725

HistoryMar 18, 2024 - 12:00 a.m.

HT Mega – Absolute Addons For Elementor < 2.4.7 - Contributor+ Directory Traversal

2024-03-1800:00:00

wpscan.com

ht mega

absolute addons for elementor

vulnerability

contributor access

directory traversal

sensitive information

server

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

Low

EPSS

Percentile

15.5%

JSON

Description The HT Mega – Absolute Addons For Elementor plugin is vulnerable to Directory Traversal via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to read the contents of arbitrary files on the server, which can contain sensitive information.

References

www.wordfence.com/threat-intel/vulnerabilities/id/11b5f0a1-bf22-46be-a165-c62f1077da0f

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

Low

EPSS

Percentile

15.5%

JSON

Related for WPVDB-ID:9C12485E-881C-4719-BFB5-723AD95CF725