CVE-2024-56282

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jan 7, 2025
CWE ID 98

Summary

CVE-2024-56282 is a new vulnerability affecting the Elicus WPMozo Addons Lite for Elementor plugin. This issue involves improper control of filenames in PHP include/require statements, leading to a Local File Inclusion (LFI) vulnerability. Attackers can exploit this flaw to gain unauthorized access to sensitive files on affected systems. The vulnerability has been identified in all versions from n/a to 1.1.0. It is essential for users to update their plugins as soon as a patch is available to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share