CVE-2024-24934

CWE-22Path Traversal3 documents3 sources
Severity
8.1HIGH
EPSS
0.9%
top 24.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Elementor Website BuilderElementor Elementor Website Builder
Timeline
PublishedMay 17

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Manipulating Web Input to File System Calls.This issue affects Elementor Website Builder: from n/a through 3.19.0.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 1.8 | Impact: 6.0

Affected Packages2 packages

CVEListV5elementor/elementor_website_buildern/a3.19.0

🔴Vulnerability Details

2
CVEList
WordPress Elementor plugin <= 3.19.0 - Arbitrary File Deletion and Phar Deserialization vulnerability2024-05-17
GHSA
GHSA-65c7-6p4f-55jx: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Manipulatin2024-05-17
CVE-2024-24934 (HIGH CVSS 8.1) | Improper Limitation of a Pathname t | cvebase.io