CVE-2024-37520

EPSS 0.58%
Veröffentlicht 09.07.2024 13:15:10
Zuletzt bearbeitet 23.04.2026 15:18:41
Quelle audit@patchstack.com
CVE-Watchlists
Login
Unerledigt
Login

WordPress ShopBuilder – Elementor WooCommerce Builder Addons plugin <= 2.1.12 - Local File Inclusion vulnerability

ShopBuilder – Elementor WooCommerce Builder Addons <= 2.1.12 - Authenticated (Contributor+) Local File Inclusion

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through <= 2.1.12.

Mögliche Gegenmaßnahme

ShopBuilder – WooCommerce Builder For Elementor: Update to version 2.1.13, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Radiustheme ≫ Shopbuilder SwPlatformwordpress Version < 2.1.13

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt ShopBuilder – WooCommerce Builder For Elementor

Version *-2.1.12

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.58%	0.429

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
audit@patchstack.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

https://patchstack.com/database/vulnerability/shopbuilder/wordpress-shopbuilder-elementor-woocommerce-builder-addons-plugin-2-1-12-local-file-inclusion-vulnerability?_s_id=cve

Third Party Advisory

https://patchstack.com/database/Wordpress/Plugin/shopbuilder/vulnerability/wordpress-shopbuilder-elementor-woocommerce-builder-addons-plugin-2-1-12-local-file-inclusion-vulnerability?_s_id=cve

https://www.wordfence.com/threat-intel/vulnerabilities/id/23b6e418-5560-4543-9042-5f338df315e5

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-37520

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-37520

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-37520

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-37520