CVE-2024-56282
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Jan 7, 2025
CWE ID 98
Summary
CVE-2024-56282 is a new vulnerability affecting the Elicus WPMozo Addons Lite for Elementor plugin. This issue involves improper control of filenames in PHP include/require statements, leading to a Local File Inclusion (LFI) vulnerability. Attackers can exploit this flaw to gain unauthorized access to sensitive files on affected systems. The vulnerability has been identified in all versions from n/a to 1.1.0. It is essential for users to update their plugins as soon as a patch is available to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share