CVE-2024-2203
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Mar 27, 2024
CWE ID 120
Summary
CVE-2024-2203 is a local file inclusion vulnerability affecting the The Plus Addons for Elementor plugin for WordPress. This issue, present in all versions up to 5.4.1, allows authenticated attackers with contributor-level access and above to include and execute arbitrary files on the server through the Clients widget. This can lead to bypassing access controls, obtaining sensitive data, or executing PHP code within those files, making it a significant security risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share