CVE-2024-10873 | choijun LA-Studio Element Kit for Elementor Plugin up to 1.4.2 on WordPress _load_template filename control

Inserito da Angelo Barbosa | Nov 23, 2024 | CVE

A vulnerability has been found in choijun LA-Studio Element Kit for Elementor Plugin up to 1.4.2 on WordPress and classified as problematic. This vulnerability affects the function _load_template. The manipulation leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability was named CVE-2024-10873. Local access is required to approach this attack. There is no exploit available.

CVE-2024-10873 | choijun LA-Studio Element Kit for Elementor Plugin up to 1.4.2 on WordPress _load_template filename control

Post correlati

CVE-2024-28550 | Tenda AC18 15.03.05.05 formExpandDlnaFile filePath stack-based overflow

CVE-2024-24764 | October CMS up to 3.5.14 october Schema redirect (GHSA-v2vf-jv88-3fp5)

CVE-2024-35682 | Themeisle Otter Blocks PRO Plugin up to 2.6.11 on WordPress information disclosure

CVE-2023-46497 | EverShop NPM up to 1.0.0-rc.7 Request createFolder.js mkdirSync path traversal