7.2
CVE-2024-37410
- EPSS 0.56%
- Veröffentlicht 09.07.2024 11:15:13
- Zuletzt bearbeitet 23.04.2026 15:18:35
- Quelle audit@patchstack.com
- CVE-Watchlists
- Unerledigt
LoginWordPress PowerPack Lite for Beaver Builder plugin <= 1.3.0.3 - Local File Inclusion vulnerability
PowerPack Lite for Beaver Builder <= 1.3.0.3 - Authenticated (Editor+) Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in IdeaBox Creations PowerPack Lite for Beaver Builder powerpack-addon-for-beaver-builder.This issue affects PowerPack Lite for Beaver Builder: from n/a through <= 1.3.0.3.Mögliche Gegenmaßnahme
PowerPack Lite for Beaver Builder: Update to version 1.3.0.4, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ideabox ≫ Powerpack For Beaver Builder SwPlatformwordpress Version < 1.3.0.4
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
PowerPack Lite for Beaver Builder
Version
*-1.3.0.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.56% | 0.419 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| audit@patchstack.com | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.
https://patchstack.com/database/vulnerability/powerpack-addon-for-beaver-builder/wordpress-powerpack-lite-for-beaver-builder-plugin-1-3-0-3-local-file-inclusion-vulnerability?_s_id=cve
https://patchstack.com/database/Wordpress/Plugin/powerpack-addon-for-beaver-builder/vulnerability/wordpress-powerpack-lite-for-beaver-builder-plugin-1-3-0-3-local-file-inclusion-vulnerability?_s_id=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/b3603994-b12e-4360-a3aa-b93e80ac927b