CVE-2024-37479 | LA-Studio Element Kit for Elementor Plugin up to 1.3.8.1 on WordPress LaStudioKit Progress Bar Widget progress_type file inclusion

Inserito da Angelo Barbosa | Lug 2, 2024 | CVE

A vulnerability, which was classified as problematic, was found in LA-Studio Element Kit for Elementor Plugin up to 1.3.8.1 on WordPress. Affected is an unknown function of the component LaStudioKit Progress Bar Widget. The manipulation of the argument progress_type leads to file inclusion.

This vulnerability is traded as CVE-2024-37479. It is possible to launch the attack remotely. There is no exploit available.

CVE-2024-37479 | LA-Studio Element Kit for Elementor Plugin up to 1.3.8.1 on WordPress LaStudioKit Progress Bar Widget progress_type file inclusion

Post correlati

CVE-2024-5792 | Houzez CRM Plugin up to 1.4.2 on WordPress sql injection

CVE-2024-26076 | Adobe Experience Manager up to 6.5.19 Form Field cross site scripting (apsb24-21)

CVE-2023-5372 | Zyxel NAS326/NAS542 URL os command injection

CVE-2024-30551 | Toast Plugins Sticky Anything Plugin up to 2.1.5 on WordPress cross site scripting