CVE-2024-10873 | choijun LA-Studio Element Kit for Elementor Plugin up to 1.4.2 on WordPress _load_template filename control

Posted by Angelo Barbosa | Nov 23, 2024 | CVE

A vulnerability has been found in choijun LA-Studio Element Kit for Elementor Plugin up to 1.4.2 on WordPress and classified as problematic. This vulnerability affects the function _load_template. The manipulation leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability was named CVE-2024-10873. Local access is required to approach this attack. There is no exploit available.

CVE-2024-10873 | choijun LA-Studio Element Kit for Elementor Plugin up to 1.4.2 on WordPress _load_template filename control

Related Posts

CVE-2024-10526 | Rapid7 Velociraptor up to 0.73.2 MSI Installer file access

CVE-2024-32743 | WonderCMS 3.4.3 Security Module SITE LANGUAGE CONFIG cross site scripting

CVE-2024-49669 | Alexander De Ridder INK Official Plugin up to 4.1.2 on WordPress unrestricted upload

CVE-2024-32804 | Martin Gibson WP GoToWebinar Plugin up to 14.46 on WordPress authorization