CVE-2024-10873

CVSS v3 Score: 8.8 (High)

Vulnerability Description

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.2 via the _load_template function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

CVSS: 8.8 (High)

PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3.

CWE-98 2022
CVSS: 8.8 (High)

AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability.

CWE-98 2023
CVSS: 8.8 (High)

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the includ...

CWE-98 2023
CVSS: 8.8 (High)

The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.1 via the get_condition_value function. This makes it possib...

CWE-98 2024
CVSS: 8.8 (High)

The Contact Form 7 Email Add on plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the cf7_email_add_on_add_admin_template() function. This makes ...

CWE-98 2024
CVSS: 8.8 (High)

The Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3...

CWE-98 2024