CVE-2024-3500

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published May 2, 2024

CWE ID 352

Summary

CVE-2024-3500 is a vulnerability affecting the ElementsKit Pro plugin for WordPress. This issue, present in versions up to 3.6.0, enables authenticated attackers with contributor-level access or higher to perform Local File Inclusion through the Price Menu, Hotspot, and Advanced Toggle widgets. By exploiting this vulnerability, adversaries can execute arbitrary PHP code in included files, leading to potential data breaches, code execution, and access control bypasses. The vulnerability poses a significant risk, especially when dealing with files that are typically considered safe for upload, such as images.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2024-3500 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future

Gain complete coverage of your cyber, third party, and physical attack surface
Proactively mitigate threats before they turn into costly attacks
Make fast, effective, data-driven decisions

Book your demo

Sign in

Back to Vulnerability Database