Platform: wordpress
Component: cowidgets-elementor-addons
Fixed in: 1.1.2
CVE-2024-37419 describes a Path Traversal vulnerability discovered in Cowidgets – Elementor Addons, a WordPress plugin. This vulnerability allows unauthorized access to sensitive files on the server by manipulating file paths. Versions of the plugin prior to 1.1.2 are affected, and a patch has been released to address the issue. Promptly updating the plugin is crucial to mitigate the risk.
The Path Traversal vulnerability in Cowidgets – Elementor Addons allows an attacker to bypass intended access restrictions and retrieve files from directories they should not be able to access. This could include sensitive configuration files, database credentials, or even source code. Successful exploitation could lead to complete compromise of the WordPress site, data exfiltration, and potential lateral movement within the network if the server has access to other resources. The impact is amplified if the server hosts other applications or databases, as the attacker could potentially gain access to those as well.
CVE-2024-37419 was publicly disclosed on 2024-07-09. As of this writing, there are no known public exploits or active campaigns targeting this vulnerability. It is not currently listed on the CISA KEV catalog. The ease of exploitation, combined with the potential impact, suggests that this vulnerability should be prioritized for remediation.
WordPress websites using Cowidgets – Elementor Addons are at risk, particularly those with default file permissions or those running older, unpatched versions of the plugin. Shared hosting environments where users have limited control over server configurations are also at increased risk.
• wordpress / composer / npm:
grep -r "../" /var/www/html/wp-content/plugins/cowidgets-elementor-addons/
• generic web:
curl -I 'http://example.com/wp-content/plugins/cowidgets-elementor-addons/../../../../etc/passwd' # Check for file disclosure
Exploit status
EPSS: 0.39% (60th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-37419 is to immediately upgrade Cowidgets – Elementor Addons to version 1.1.2 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider implementing temporary workarounds. These may include restricting file access permissions on the server, implementing a Web Application Firewall (WAF) with rules to block suspicious path traversal attempts (e.g., patterns containing '../'), and closely monitoring server logs for unusual file access patterns. After upgrading, verify the fix by attempting to access files outside of the intended directory via the vulnerable endpoint.
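One way to act on the log-monitoring and WAF advice above is to scan web server access logs for dot-segment traversal attempts. The following is an added Python example, not code from the page or from the Cowidgets plugin. The access-log lines are constructed for the example (the page does not name the vulnerable endpoint, so the request shapes under the plugin path are assumptions), and the block shows why a literal '../' rule alone is a weak WAF pattern: percent-encoded, double-encoded and backslash forms only become visible after decoding.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines in combined format. They are made up for
# this example and are not evidence from any real server; the request paths
# under the plugin directory are assumed shapes, not the real endpoint.
SAMPLE_LOG = """\
203.0.113.10 - - [09/Jul/2024:10:00:01 +0000] "GET /wp-content/plugins/cowidgets-elementor-addons/assets/css/style.css HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [09/Jul/2024:10:00:02 +0000] "GET /wp-content/plugins/cowidgets-elementor-addons/../../../../etc/passwd HTTP/1.1" 404 0 "-" "curl/8.0"
203.0.113.12 - - [09/Jul/2024:10:00:03 +0000] "GET /wp-content/plugins/cowidgets-elementor-addons/..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 1200 "-" "python-requests/2.31"
203.0.113.13 - - [09/Jul/2024:10:00:04 +0000] "GET /wp-content/plugins/cowidgets-elementor-addons/%252e%252e%252f%252e%252e%252fwp-config.php HTTP/1.1" 200 1200 "-" "python-requests/2.31"
203.0.113.14 - - [09/Jul/2024:10:00:05 +0000] "GET /wp-content/plugins/cowidgets-elementor-addons/..%5C..%5Cwp-config.php HTTP/1.1" 200 1200 "-" "python-requests/2.31"
203.0.113.15 - - [09/Jul/2024:10:00:06 +0000] "GET /..%2F..%2Fetc/passwd HTTP/1.1" 400 0 "-" "curl/8.0"
203.0.113.16 - - [09/Jul/2024:10:00:07 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 60 "-" "Mozilla/5.0"
"""

# Request line inside a combined-format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

# A dot-segment followed by a separator or the end of the target, after normalisation.
TRAVERSAL_RE = re.compile(r"\.\.(?:/|$)")

PLUGIN_PATH = "/wp-content/plugins/cowidgets-elementor-addons/"


def normalize_target(target: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly (to unwrap double encoding) and map backslashes to slashes."""
    decoded = target
    for _ in range(max_rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")


def naive_match(target: str) -> bool:
    """The literal '../' rule the advisory text describes; misses encoded variants."""
    return "../" in target


def is_traversal(target: str) -> bool:
    """Decoded check for dot-segments anywhere in the request target."""
    return TRAVERSAL_RE.search(normalize_target(target)) is not None


def scan_log(text: str) -> list:
    """Return (source_ip, raw_target, scope) for each request that looks like traversal.

    scope is "plugin-path" when the decoded target is under the Cowidgets plugin
    directory and "other" for traversal attempts elsewhere on the site.
    """
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = m.group("target")
        if not is_traversal(target):
            continue
        ip = line.split(" ", 1)[0]
        scope = "plugin-path" if PLUGIN_PATH in normalize_target(target) else "other"
        hits.append((ip, target, scope))
    return hits


if __name__ == "__main__":
    for ip, target, scope in scan_log(SAMPLE_LOG):
        print(f"{ip}\t{scope}\t{target}")
```

Feeding a real access log into scan_log() instead of SAMPLE_LOG gives a first-pass list of sources probing for traversal; decoding before matching is also the property a WAF rule for this issue needs, since the raw request may never contain the literal characters the rule looks for.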
Update the Cowidgets – Elementor Addons plugin to the latest available version. The local file inclusion (LFI) vulnerability has been fixed in versions after 1.1.1. To update, go to the WordPress admin panel, open the 'Plugins' section, and search for 'Cowidgets – Elementor Addons' to update it.
CVE-2024-37419 is a Path Traversal vulnerability affecting Cowidgets – Elementor Addons versions up to 1.1.1, allowing attackers to read arbitrary files on the server.
You are affected if you are using Cowidgets – Elementor Addons version 1.1.1 or earlier. Check your plugin version and update immediately.
Upgrade Cowidgets – Elementor Addons to version 1.1.2 or later. As a temporary workaround, restrict file access permissions and implement a WAF rule.
As of now, there are no confirmed active exploitation campaigns, but the vulnerability's nature suggests it may become a target.
Refer to the Cowidgets website or WordPress plugin repository for the official advisory and update information.