CVE-2024-52499

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 28, 2024
CWE ID 98

Summary

CVE-2024-52499 is a newly disclosed vulnerability affecting the Kardi Pricing table addon for Elementor. This issue involves improper control of filenames for include/require statements in PHP code, resulting in a Local File Inclusion (LFI) vulnerability. An attacker can exploit this flaw to gain unauthorized access to sensitive files on affected systems. The vulnerability exists in the Pricing table addon for Elementor, with versions from n/a through 1.0.0 being potentially affected. Updating to the latest, secure version is strongly recommended to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share