CVE-2024-5709
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-5709 is a vulnerability affecting the WPBakery Visual Composer plugin for WordPress. This issue allows authenticated attackers, with Author-level access and above, to include and execute arbitrary files on the server through the 'layout_name' parameter. Even with post permissions granted by an Administrator, this vulnerability poses a significant risk as it can be exploited to bypass access controls, obtain sensitive data, or achieve code execution. This vulnerability exists in all versions up to and including 7.7, making it crucial for WordPress users to update their plugins to the latest version as soon as possible.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- WPBakery Plugin
Affected Vendors
- WordPress