Platform: wordpress
Component: addon-elements-for-elementor-page-builder
Fixed in: 1.12.13
CVE-2024-1358 is a Directory Traversal vulnerability affecting the Elementor Addon Elements plugin for WordPress. An authenticated attacker, possessing contributor access or higher, can leverage this flaw to include arbitrary PHP files on the server. This vulnerability impacts versions up to and including 1.12.12. A patch is available from the vendor.
Successful exploitation of CVE-2024-1358 allows an attacker to read arbitrary files on the server. This could expose sensitive information such as database credentials, configuration files, or even source code. The attacker needs to be authenticated on the WordPress site with contributor access or higher. The impact is significant as it could lead to complete compromise of the web server and potentially the entire WordPress installation. While the vulnerability requires authentication, the relatively low access threshold (contributor) makes it a concerning risk for many WordPress deployments.
CVE-2024-1358 was publicly disclosed on March 13, 2024. While no public exploits have been widely reported, the ease of exploitation and the potential impact make it a likely target for attackers. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept code is expected to emerge, increasing the risk of exploitation.
Exploit Status
EPSS: 2.61% (86% percentile)
CVSS Vector
The primary mitigation for CVE-2024-1358 is to upgrade the Elementor Addon Elements plugin to a version patched against this vulnerability. If immediate upgrade is not possible due to compatibility issues, consider restricting file access permissions on the server to limit the potential damage from file inclusion. Web Application Firewalls (WAFs) configured to detect and block attempts to include arbitrary files can provide an additional layer of defense. Monitor WordPress logs for suspicious file access attempts.
Update the Elementor Addon Elements plugin to the latest available version. The directory traversal vulnerability allows the inclusion of arbitrary PHP files, which could expose sensitive information. The update fixes this vulnerability.
CVE-2024-1358 is a Directory Traversal vulnerability in the Elementor Addon Elements WordPress plugin, allowing authenticated attackers to include arbitrary PHP files.
You are affected if you are using Elementor Addon Elements version 1.12.12 or earlier. Check your plugin version and upgrade immediately.
Upgrade the Elementor Addon Elements plugin to the latest version, which contains a patch for this vulnerability. If immediate upgrade is not possible, restrict file access permissions.
While no widespread exploitation has been confirmed, the vulnerability's ease of exploitation makes it a likely target. Monitor your systems for suspicious activity.
Refer to the Elementor security advisory for detailed information and updates: [https://elementor.com/security/](https://elementor.com/security/)
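To check installations against the affected range stated above (1.12.12 or earlier, fixed in 1.12.13), the following added example reads the plugin's `Version:` header from disk and compares it numerically. It is not vendor or WordPress code; the function names are hypothetical and it assumes the default `wp-content/plugins` layout.

```python
import re
from pathlib import Path

SLUG = "addon-elements-for-elementor-page-builder"  # component named on this page
FIXED_IN = "1.12.13"                                # first fixed version per this page

# Header lines look like " * Version: 1.2.3" inside the main file's top comment.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.M | re.I)


def parse_headers(php_source: str) -> dict:
    """Return plugin header fields found in the first 8 KiB of a PHP file."""
    return {k.lower(): v for k, v in HEADER_RE.findall(php_source[:8192])}


def version_key(version: str) -> tuple:
    """Turn '1.12.9' into (1, 12, 9) so that 1.12.9 sorts below 1.12.13."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def is_affected(version: str) -> bool:
    return version_key(version) < version_key(FIXED_IN)


def installed_version(wp_root: str, plugins_rel: str = "wp-content/plugins"):
    """Find the main plugin file (top-level .php with a Plugin Name header)."""
    plugin_dir = Path(wp_root) / plugins_rel / SLUG  # layout is an assumption
    for php in sorted(plugin_dir.glob("*.php")):
        headers = parse_headers(php.read_text(encoding="utf-8", errors="replace"))
        if "plugin name" in headers and "version" in headers:
            return headers["version"]
    return None  # plugin not installed, or no readable header


def audit(wp_roots):
    """Map each WordPress root to 'affected', 'patched' or 'not installed'."""
    report = {}
    for root in wp_roots:
        version = installed_version(root)
        if version is None:
            report[root] = "not installed"
        else:
            report[root] = "affected" if is_affected(version) else "patched"
    return report


# Constructed sample header, used only to show the parsing step.
SAMPLE = "<?php\n/**\n * Plugin Name: Example Addon (constructed)\n * Version: 1.12.12\n */\n"

if __name__ == "__main__":
    print(parse_headers(SAMPLE), is_affected(parse_headers(SAMPLE)["version"]))
```

Pass `audit()` a list of WordPress root directories; a string comparison would wrongly rank 1.12.9 above 1.12.13, which is why versions are compared as integer tuples.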