CVE-2024-10873
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-10873 is a vulnerability affecting the LA-Studio Element Kit plugin for WordPress. The issue lies in the _load_template function, which is vulnerable to Local File Inclusion. This flaw enables authenticated attackers with Contributor-level access or higher to include and execute arbitrary files on the server. The exploitation of this vulnerability can result in bypassing access controls, obtaining sensitive data, or achieving code execution. It is crucial that users of the LA-Studio Element Kit plugin update to the latest version to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.