CVE-2024-4359
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Aug 12, 2024
CWE ID 843
Summary
CVE-2024-4359 is a vulnerability affecting the Elementor Addons plugin for WordPress, specifically the Header Footer, Template Library, Dynamic Grid & Carousel, and Remote Arrows components. The issue lies in the render_svg function, which fails to properly validate SVG files used in the SVG widget. This weakness allows authenticated attackers with contributor-level access or higher to read arbitrary files on the server, potentially exposing sensitive information. All versions up to and including 5.7.2 are affected.
Affected Products
- Microsoft Edge Chromium
Affected Vendors
- Microsoft