Platform
wordpress
Component
cowidgets-elementor-addons
Fixed in
1.1.2
CVE-2024-5179 is a Local File Inclusion (LFI) vulnerability affecting the Cowidgets – Elementor Addons plugin for WordPress. This vulnerability allows authenticated attackers with Contributor-level access or higher to include and execute arbitrary files on the server, potentially leading to code execution. The vulnerability impacts versions of the plugin up to and including 1.1.1. A fix is available in a patched version of the plugin.
The impact of CVE-2024-5179 is significant due to the potential for code execution. An attacker with Contributor access can leverage this LFI vulnerability to include and execute arbitrary PHP code. This could lead to complete compromise of the WordPress instance, allowing the attacker to steal sensitive data, modify website content, install malware, or gain persistent access. The ability to execute arbitrary code bypasses standard access controls, making it a particularly dangerous vulnerability. Successful exploitation could also lead to defacement of the website or denial of service.
CVE-2024-5179 was publicly disclosed on June 6, 2024. While no public exploits have been widely reported, the ease of exploitation and the potential impact make it a high-priority vulnerability. The vulnerability is not currently listed on the CISA KEV catalog. Although authentication is required, Contributor-level access is sufficient, so the barrier to exploitation is low on the many WordPress sites that grant that role to several users.
Websites using the Cowidgets – Elementor Addons plugin, particularly those with multiple users having Contributor or higher access levels, are at risk. Shared hosting environments where multiple WordPress sites share the same server resources are also at increased risk, as a compromise on one site could potentially lead to the compromise of others.
• wordpress / composer / npm:
grep -rE 'item_style|style' /var/www/html/wp-content/plugins/cowidgets-elementor-addons/
• wordpress / composer / npm:
wp plugin list --status=active | grep cowidgets-elementor-addons
• wordpress / composer / npm:
curl -s http://your-wordpress-site.com/wp-content/plugins/cowidgets-elementor-addons/ | grep -i 'item_style' # Check for parameter exposure
Disclosure
Exploit status
EPSS
0.33% (56th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-5179 is to upgrade Cowidgets – Elementor Addons to a version that addresses the vulnerability. If upgrading is not immediately feasible, consider restricting file upload permissions to prevent attackers from uploading malicious PHP files. Implement strict input validation on the 'item_style' and 'style' parameters to prevent malicious input. Web Application Firewalls (WAFs) configured to detect and block attempts to include arbitrary files can provide an additional layer of defense. Monitor WordPress logs for suspicious file inclusion attempts.
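The following script is an added example written for this page; it is not code from the advisory, from Cowidgets, or from the plugin. It turns two of the mitigation steps above into checks a site operator can run: a version comparison against the fixed release 1.1.2 (versions up to and including 1.1.1 are affected), and a scan of web-server access-log lines for requests whose `item_style` or `style` query parameters carry directory-traversal or PHP stream-wrapper values, which is the shape a file-inclusion attempt against those parameters takes in the logs. The Common Log Format layout, the request paths, the IP addresses and the timestamps in the sample lines are constructed assumptions for this example, not data from the advisory.

```python
"""
Added example (not from the advisory or the plugin): defender-side checks
for CVE-2024-5179 derived from the mitigation text.

1. is_vulnerable(): compare an installed plugin version against the fixed
   release 1.1.2; anything below it is affected per the advisory.
2. flag_lfi_attempts(): scan access-log lines for requests whose 'item_style'
   or 'style' query parameters look like file-inclusion attempts.

The log lines in SAMPLE_LOG are constructed for this example; the paths,
client addresses and timestamps are assumptions, not advisory data.
"""
import re
from urllib.parse import parse_qs, urlsplit

FIXED_VERSION = (1, 1, 2)                 # from the advisory: fixed in 1.1.2
WATCHED_PARAMS = ("item_style", "style")  # parameters named in the advisory

# Values a defender would treat as suspicious in a file-name-like parameter:
# directory traversal (plain or still percent-encoded), absolute paths,
# PHP stream wrappers and embedded null bytes.
SUSPICIOUS = re.compile(
    r"(\.\./|\.\.\\|%2e%2e|^/|^[a-z]:\\|^(php|data|file|phar|expect)://|%00|\x00)",
    re.IGNORECASE,
)


def parse_version(text):
    """Turn '1.1.1' into (1, 1, 1); a trailing suffix like '-beta' is ignored
    and missing components count as 0."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_vulnerable(installed):
    """True if the installed plugin version is below the fixed release."""
    return parse_version(installed) < FIXED_VERSION


# Common Log Format (assumed): client ident user [time] "METHOD path HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def flag_lfi_attempts(lines):
    """Return (client_ip, parameter, decoded_value) for every request whose
    watched parameter matches SUSPICIOUS. Lines that do not parse are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("path")).query
        # parse_qs percent-decodes values, so encoded traversal is caught too
        params = parse_qs(query, keep_blank_values=True)
        for name in WATCHED_PARAMS:
            for value in params.get(name, []):
                if SUSPICIOUS.search(value):
                    hits.append((m.group("ip"), name, value))
    return hits


# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Jun/2024:10:15:01 +0000] "GET /wp-admin/post.php?post=12&action=edit HTTP/1.1" 200 5120',
    '203.0.113.7 - - [06/Jun/2024:10:15:09 +0000] "GET /?item_style=style-2 HTTP/1.1" 200 2048',
    '198.51.100.23 - - [06/Jun/2024:10:16:40 +0000] "GET /?item_style=..%2F..%2F..%2FPLACEHOLDER.php HTTP/1.1" 200 2048',
    '198.51.100.23 - - [06/Jun/2024:10:16:41 +0000] "GET /?style=php://input HTTP/1.1" 200 1024',
    "garbage line that does not parse",
]


def main():
    for v in ("1.0.9", "1.1.1", "1.1.2"):
        print(v, "affected" if is_vulnerable(v) else "fixed")
    for ip, name, value in flag_lfi_attempts(SAMPLE_LOG):
        print(f"suspicious {name}={value!r} from {ip}")


if __name__ == "__main__":
    main()
```

To run it against a real log, replace `SAMPLE_LOG` with the lines of your access log and compare the plugin version printed by `wp plugin list` with `is_vulnerable()`; a hit from `flag_lfi_attempts()` is a signal to check the requesting account and the files the plugin directory can reach, not proof of compromise on its own.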
Update the Cowidgets – Elementor Addons plugin to the latest available version. The vulnerability allows local file inclusion, which could permit execution of arbitrary PHP code on the server.
CVE-2024-5179 is a Local File Inclusion vulnerability in the Cowidgets – Elementor Addons plugin for WordPress, allowing authenticated attackers to execute arbitrary PHP code.
You are affected if you are using Cowidgets – Elementor Addons version 1.1.1 or earlier.
Upgrade Cowidgets – Elementor Addons to the latest patched version. If immediate upgrade is not possible, restrict file upload permissions and implement input validation.
As of now, there are no known public exploits or active campaigns targeting CVE-2024-5179, but it remains a potential target.
Refer to the Cowidgets official website or WordPress plugin repository for updates and advisories related to CVE-2024-5179.