CVE-2024-56286

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jan 7, 2025
CWE ID 22

Summary

CVE-2024-56286 is a newly identified path traversal vulnerability affecting Classic Addons – WPBakery Page Builder. Maliciously crafted input can bypass the restricted directory, allowing an attacker to include PHP files locally. This issue, which affects versions from n/a through 3.0, poses a serious risk as it enables arbitrary code execution and potential data breaches. Mitigation measures include updating to the latest, patched version of the plugin and implementing input validation and access controls.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share