Platform: wordpress
Component: page-builder-add
Fixed in: 1.5.3
CVE-2024-43345 is a Path Traversal vulnerability affecting the PluginOps Landing Page Builder. This vulnerability allows an attacker to potentially include arbitrary PHP files, leading to sensitive information disclosure or even remote code execution. The vulnerability impacts versions of Landing Page Builder up to and including 1.5.2.0, with a fix available in version 1.5.3.
The Path Traversal vulnerability in Landing Page Builder allows an attacker to manipulate file paths, bypassing intended restrictions and accessing arbitrary files on the server. Successful exploitation could lead to the disclosure of sensitive configuration files, database credentials, or even source code. This could enable further compromise of the WordPress installation, including data exfiltration, privilege escalation, and remote code execution if the attacker can leverage the exposed files to execute malicious code. The impact is amplified if the server hosts other sensitive applications or data.
CVE-2024-43345 was publicly disclosed on 2024-08-19. Currently, no public proof-of-concept exploits are widely available, but the path traversal nature of the vulnerability makes it likely that exploits will emerge. The EPSS score is likely to be medium, given the relatively straightforward nature of path traversal exploits and the potential for significant impact. Monitor security advisories and threat intelligence feeds for any indications of active exploitation.
WordPress websites utilizing the PluginOps Landing Page Builder plugin, particularly those running versions prior to 1.5.3, are at risk. Shared hosting environments are especially vulnerable as they often have limited control over server file permissions, increasing the potential impact of a successful exploit.
• wordpress / plugin: List installed plugins and look for the page-builder-add slug and its version:
wp plugin list | grep page-builder-add
• wordpress / plugin: Check for file inclusion attempts in WordPress access logs, looking for patterns like ../ or ../../ in the request URI.
• wordpress / plugin: Examine the Landing Page Builder plugin's code for instances of file_get_contents or similar functions that handle user-supplied input without proper sanitization.
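One way to run the access-log check from the list above, as an added example that is not part of the original advisory or the plugin's code. It goes beyond the literal ../ pattern by also decoding percent-encoded and double-encoded forms; the log lines, IP addresses and the parameter name example_param are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined Log Format: capture client IP, request target and status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)[^"]*" (\d{3})')
# A ".." path segment: preceded by /, \, = or start, followed by /, \ or end.
TRAVERSAL_RE = re.compile(r'(?:^|[/\\=])\.\.(?:[/\\]|$)')

def fully_decode(target, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def find_traversal(lines):
    """Return (ip, raw_target, status) for requests with a '..' segment."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        ip, target, status = m.groups()
        if TRAVERSAL_RE.search(fully_decode(target)):
            hits.append((ip, target, int(status)))
    return hits

# Constructed sample lines (documentation IP ranges, hypothetical parameter).
TS = ' - - [20/Aug/2024:10:01:02 +0000] '
SAMPLE = [
    '203.0.113.7' + TS + '"GET /?example_param=../../some/file HTTP/1.1" 200 512',
    '203.0.113.8' + TS + '"GET /?example_param=%2e%2e%2fsome%2ffile HTTP/1.1" 200 98',
    '203.0.113.9' + TS + '"GET /?example_param=%252e%252e%252fsome HTTP/1.1" 403 0',
    '203.0.113.10' + TS + '"GET /?example_param=..%5c..%5cfile HTTP/1.1" 404 0',
    '198.51.100.4' + TS + '"GET /blog/release-1..2-notes/ HTTP/1.1" 200 2048',
    '198.51.100.5' + TS + '"GET /wp-content/plugins/page-builder-add/s.css?ver=1.5.2 HTTP/1.1" 200 64',
]

if __name__ == '__main__':
    for ip, target, status in find_traversal(SAMPLE):
        # A 200 response to a flagged request deserves review first.
        print(f'{ip} status={status} target={target}')
```

The status code is kept in each hit so that flagged requests the server answered with 200 can be reviewed before those it rejected.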
EPSS: 0.70% (72nd percentile)
The primary mitigation for CVE-2024-43345 is to immediately upgrade the Landing Page Builder plugin to version 1.5.3 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider implementing a Web Application Firewall (WAF) rule to block requests containing path traversal attempts (e.g., ../ sequences). Restrict file permissions on sensitive files to prevent unauthorized access, even if the vulnerability is exploited. Regularly review and audit file permissions and access controls.
Update the Landing Page Builder plugin to the latest available version. The local file inclusion (LFI) vulnerability is fixed in versions after 1.5.2.0. To update, go to the WordPress admin dashboard, open the 'Plugins' section, and find 'Landing Page Builder' to update it.
CVE-2024-43345 is a Path Traversal vulnerability in the PluginOps Landing Page Builder plugin for WordPress, allowing attackers to potentially include arbitrary PHP files.
Yes, if you are using Landing Page Builder version 1.5.2.0 or earlier, you are affected by this vulnerability.
Upgrade the Landing Page Builder plugin to version 1.5.3 or later to remediate the vulnerability. Consider temporary workarounds if immediate upgrade is not possible.
As of the current date, there are no known public exploits or active campaigns targeting this vulnerability, but the HIGH CVSS score warrants immediate attention.
Refer to the PluginOps website or WordPress plugin repository for the official advisory and update information regarding CVE-2024-43345.