CVE-2024-2203
Published 2024-03-27. CVE-2024-2203: The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Clients…
Priority: P3 · 53 · high
CVSS 3.1: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.59% (44.0th percentile)
The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Clients widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| posimyth | the_plus_addons_for_elementor | < 5.4.2 | 5.4.2 |
CVSS provenance
nvd (v3.1): 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_redhat: 5.5 MEDIUM
GHSA
GHSA-fhrf-5824-hj9w (ghsa_unreviewed · 2024-03-27): CVE-2024-2203 [MEDIUM] CWE-22. The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Clients widget.
Red Hat
CVE-2024-46715 [MEDIUM] CWE-252: kernel: driver: iio: add missing checks on iio_info's callback access
vendor_redhat · 2024-09-18 · CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
driver: iio: add missing checks on iio_info's callback access
Some callbacks from the iio_info structure are accessed without any check, so if a driver doesn't implement them, trying to access the corresponding sysfs entries produces a kernel oops such as:
[ 2203.527791] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute
[...]
[ 2203.783416] Call trace:
[ 2203.783429] iio_read_channel_info_avail from dev_attr_show+0x18/0x48
[ 2203.789807] dev_attr_show from sysfs_kf_seq_show+0x90/0x120
[ 2203.794181] sysfs_kf_seq_show from seq_read_iter+0xd0/0x4e4
[ 2203.798555] seq_read_iter from vfs_read+0x238/0x2a0
[ 2203.802236] vfs_
Citrix
CVE-2024-7889 [HIGH] CWE-269: Citrix Workspace app for Windows Security Bulletin CVE-2024-7889 and CVE-2024-7890
vendor_citrix · 2024-09-10 · CVSS 7.0
Description of Problem: Two vulnerabilities have been discovered that impact the Citrix Workspace app for Windows.
CVE References: CVE-2024-7889, CVE-2024-7890
Affected Products: Citrix Workspace app, XenServer, workspace
Severity: High
CVSS Score: 7.0
Remediation:
Citrix strongly recommends that customers upgrade their Citrix Workspace app for Windows to versions that contain the fixes as soon as possible. Citrix Workspace app for Windows versions that contain the fixes are:
Current Release (CR): Citrix Workspace app for Windows 2405 and later versions
Long Term Service Release (LTSR): Citrix Workspace app for Windows 2402 CU1 LTSR and later versions
Citrix Workspace app for Windows 2203.1 LTSR CU6 Hotfix 3 - https://s
Citrix
CVE-2024-6150 [MEDIUM] CWE-284: Citrix Provisioning Security Bulletin CVE-2024-6150
vendor_citrix · 2024-07-15 · CVSS 4.8
Description of Problem: A vulnerability has been discovered that impacts Citrix Provisioning. Refer to below for further details:
CVE References: CVE-2024-6150
Affected Products: XenServer
Severity: Medium
CVSS Score: 4.8
Remediation:
Citrix strongly recommends that customers upgrade their Citrix Provisioning to versions that contain the fixes as soon as possible. Citrix Provisioning versions that contain the fixes are:
Current Release (CR): Citrix Provisioning 2402 and later versions
Long Term Service Release (LTSR): Citrix Provisioning 2203 LTSR CU5 and later versions
Citrix Provisioning 1912 LTSR CU9 and later versions
Citrix
CVE-2024-6286 [HIGH] CWE-269: Citrix Workspace app for Windows Security Bulletin CVE-2024-6286
vendor_citrix · 2024-07-11 · CVSS 8.5
Description of Problem: A vulnerability has been discovered that impacts the Citrix Workspace app for Windows. Refer to below for further details:
Details
CVE References: CVE-2024-6286
Affected Products: Citrix Workspace app, XenServer
Severity: High
CVSS Score: 8.5
Remediation:
Citrix strongly recommends that customers upgrade their Citrix Workspace app for Windows to versions that contain the fixes as soon as possible. Citrix Workspace app for Windows versions that contain the fixes are:
Current Release (CR): Citrix Workspace app for Windows 2403.1 and later versions
Long Term Service Release (LTSR): Citrix Workspace app for Windows 2402 LTSR and later versions
Citrix Workspace app for Windows 2203.1 LTSR CU6 Hotfix 2 and later version
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://plugins.trac.wordpress.org/changeset/3056776/the-plus-addons-for-elementor-page-builder
https://www.wordfence.com/threat-intel/vulnerabilities/id/dc7ff863-3a8e-41cd-ae20-78bb4577c16a?source=cve
Published: 2024-03-27