CVE-2024-50453 - Vulnerability Details - OpenCVE

Relative Path Traversal vulnerability in Webangon The Pack Elementor addons allows PHP Local File Inclusion.This issue affects The Pack Elementor addons: from n/a through 2.0.9.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Webangon	The Pack Elementor Addons

Configuration 1 [-]

cpe:2.3:a:webangon:the_pack_elementor_addons:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://patchstack.com/database/vulnerability/the-pack-addon/wordpress-the-pack-elementor-addons-plugin-2-0-9-local-file-inclusion-vulnerability?_s_id=cve

History

Wed, 22 Jan 2025 18:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-22
CPEs		cpe:2.3:a:webangon:the_pack_elementor_addons::::::wordpress::*

Tue, 29 Oct 2024 19:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Webangon Webangon the Pack Elementor Addons
CPEs		cpe:2.3:a:webangon:the_pack_elementor_addons::::::::
Vendors & Products		Webangon Webangon the Pack Elementor Addons
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 28 Oct 2024 20:00:00 +0000

Type	Values Removed	Values Added
Description		Relative Path Traversal vulnerability in Webangon The Pack Elementor addons allows PHP Local File Inclusion.This issue affects The Pack Elementor addons: from n/a through 2.0.9.
Title		WordPress The Pack Elementor addons plugin <= 2.0.9 - Local File Inclusion vulnerability
Weaknesses		CWE-23
References		https://patchstack.com/database/vulnerability/the-pack-addon/wordpress-the-pack-elementor-addons-plugin-2-0-9-local-file-inclusion-vulnerability?_s_id=cve
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-10-28T19:52:11.297Z

Updated: 2024-10-29T18:15:11.519Z

Reserved: 2024-10-24T07:26:07.771Z

Link: CVE-2024-50453

Vulnrichment

Updated: 2024-10-29T18:15:02.359Z

NVD

Status : Analyzed

Published: 2024-10-28T20:15:07.463

Modified: 2025-01-22T18:29:43.147

Link: CVE-2024-50453

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-50453", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-10-24T07:26:07.771Z", "datePublished": "2024-10-28T19:52:11.297Z", "dateUpdated": "2024-10-29T18:15:11.519Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "the-pack-addon", "product": "The Pack Elementor addons", "vendor": "Webangon", "versions": [{"changes": [{"at": "2.1.0", "status": "unaffected"}], "lessThanOrEqual": "2.0.9", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Jo\u00e3o Pedro Soares de Alc\u00e2ntara - Kinorth (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Relative Path Traversal vulnerability in Webangon The Pack Elementor addons allows PHP Local File Inclusion.<p>This issue affects The Pack Elementor addons: from n/a through 2.0.9.</p>"}], "value": "Relative Path Traversal vulnerability in Webangon The Pack Elementor addons allows PHP Local File Inclusion.This issue affects The Pack Elementor addons: from n/a through 2.0.9."}], "impacts": [{"capecId": "CAPEC-252", "descriptions": [{"lang": "en", "value": "CAPEC-252 PHP Local File Inclusion"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-23", "description": "CWE-23: Relative Path Traversal", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-10-28T19:52:11.297Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/the-pack-addon/wordpress-the-pack-elementor-addons-plugin-2-0-9-local-file-inclusion-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 2.1.0 or a higher version."}], "value": "Update to 2.1.0 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress The Pack Elementor addons plugin <= 2.0.9 - Local File Inclusion vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "webangon", "product": "the_pack_elementor_addons", "cpes": ["cpe:2.3:a:webangon:the_pack_elementor_addons:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.0.9", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-29T17:56:52.956133Z", "id": "CVE-2024-50453", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-29T18:15:11.519Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-50453", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-29T17:56:52.956133Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:webangon:the_pack_elementor_addons:*:*:*:*:*:*:*:*"], "vendor": "webangon", "product": "the_pack_elementor_addons", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.0.9"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-29T18:15:02.359Z"}}], "cna": {"title": "WordPress The Pack Elementor addons plugin <= 2.0.9 - Local File Inclusion vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Jo\u00e3o Pedro Soares de Alc\u00e2ntara - Kinorth (Patchstack Alliance)"}], "impacts": [{"capecId": "CAPEC-252", "descriptions": [{"lang": "en", "value": "CAPEC-252 PHP Local File Inclusion"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Webangon", "product": "The Pack Elementor addons", "versions": [{"status": "affected", "changes": [{"at": "2.1.0", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "2.0.9"}], "packageName": "the-pack-addon", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to 2.1.0 or a higher version.", "supportingMedia": [{"type": "text/html", "value": "Update to 2.1.0 or a higher version.", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/vulnerability/the-pack-addon/wordpress-the-pack-elementor-addons-plugin-2-0-9-local-file-inclusion-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Relative Path Traversal vulnerability in Webangon The Pack Elementor addons allows PHP Local File Inclusion.This issue affects The Pack Elementor addons: from n/a through 2.0.9.", "supportingMedia": [{"type": "text/html", "value": "Relative Path Traversal vulnerability in Webangon The Pack Elementor addons allows PHP Local File Inclusion.<p>This issue affects The Pack Elementor addons: from n/a through 2.0.9.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-23", "description": "CWE-23: Relative Path Traversal"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-10-28T19:52:11.297Z"}}}, "cveMetadata": {"cveId": "CVE-2024-50453", "state": "PUBLISHED", "dateUpdated": "2024-10-29T18:15:11.519Z", "dateReserved": "2024-10-24T07:26:07.771Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2024-10-28T19:52:11.297Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:webangon:the_pack_elementor_addons:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "F2EBF97A-7766-472A-8BD1-C50525B4F763", "versionEndExcluding": "2.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Relative Path Traversal vulnerability in Webangon The Pack Elementor addons allows PHP Local File Inclusion.This issue affects The Pack Elementor addons: from n/a through 2.0.9."}, {"lang": "es", "value": "Vulnerabilidad de Relative Path Traversal en Webangon The Pack Elementor addons permite la inclusi\u00f3n de archivos locales PHP. Este problema afecta a los complementos The Pack Elementor: desde n/a hasta 2.0.9."}], "id": "CVE-2024-50453", "lastModified": "2025-01-22T18:29:43.147", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "audit@patchstack.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-28T20:15:07.463", "references": [{"source": "audit@patchstack.com", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/the-pack-addon/wordpress-the-pack-elementor-addons-plugin-2-0-9-local-file-inclusion-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-23"}], "source": "audit@patchstack.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}