CVE-2024-52496
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Nov 28, 2024
CWE ID 98
Summary
CVE-2024-52496 is a new vulnerability affecting Absolute Addons For Elementor, an plugin used in web development. The issue involves an improper control of filenames in PHP include/require statements, leading to a Remote File Inclusion (RFI) vulnerability. Hackers can exploit this flaw to include malicious code onto the targeted server, posing a significant security risk. Absolute Addons For Elementor versions from n/a to 1.0.14 are affected by this vulnerability. Users are advised to update their plugins to the latest version to mitigate the threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share