Platform: wordpress
Component: bdthemes-element-pack
Fixed in: 7.19.3
CVE-2024-33568 is an Insecure Deserialization vulnerability affecting BdThemes Element Pack Pro versions up to 7.19.3. This vulnerability allows attackers to exploit Path Traversal and Object Injection, potentially leading to unauthorized access and code execution. The vulnerability was published on June 4, 2024, and a patch is available in version 7.19.3.
The Insecure Deserialization vulnerability in Element Pack Pro lets an attacker control data that the plugin passes to its deserialization routine, which opens two paths: Path Traversal and Object Injection. Path Traversal gives access to files and directories outside the intended scope, potentially exposing sensitive data such as configuration files, database credentials, or source code. Object Injection lets the attacker choose which objects are instantiated during deserialization, which can lead to Remote Code Execution (RCE). Successful exploitation could result in complete compromise of the WordPress site, data breaches, and denial of service.
CVE-2024-33568 is not currently listed on the CISA KEV catalog. Public proof-of-concept (PoC) exploits are not yet widely available, but the vulnerability's nature suggests a moderate probability of exploitation given the ease of Path Traversal attacks. The vulnerability was publicly disclosed on June 4, 2024, coinciding with the CVE publication date.
Exploit Status
EPSS: 0.74% (73rd percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2024-33568 is to upgrade Element Pack Pro to version 7.19.3 or later without delay. If upgrading is not immediately feasible, consider temporary workarounds such as restricting file access permissions and adding input validation that rejects or sanitizes user-supplied data before it reaches the deserialization routine. A Web Application Firewall (WAF) configured to detect and block deserialization payloads can provide an additional layer of protection. After upgrading, confirm the fix by re-testing the previously vulnerable deserialization path and verifying that untrusted input is now handled safely.
Update the Element Pack Pro plugin to version 7.19.3 or later. This update fixes the path traversal and untrusted-data deserialization vulnerabilities. Applying the update as soon as possible is recommended to protect your website.
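As an added illustration, not code from this advisory or from the Element Pack Pro plugin (whose affected code path the page does not show), the PHP below demonstrates the two defensive controls the mitigation paragraph calls for: deserializing untrusted data so that no object can be instantiated, and resolving a user-supplied file path so that it cannot escape a base directory. The function names, the settings field and the upload directory are hypothetical; `unserialize()` with `allowed_classes`, `realpath()`, `wp_unslash()`, `wp_die()` and `WP_CONTENT_DIR` are standard PHP and WordPress APIs.

```php
<?php
// Added example, not Element Pack Pro's code. Function names and the
// directory used below are hypothetical; the pattern is what matters.

// Weak pattern (the object injection path the advisory describes):
// unserialize() on request data with no class restriction lets the
// sender decide which classes get instantiated and which __wakeup()
// or __destruct() methods run.
//   $settings = unserialize( $_POST['settings'] );

/**
 * Decode untrusted serialized settings without instantiating any class.
 * With allowed_classes => false every serialized object becomes a
 * __PHP_Incomplete_Class, so no class code executes. Only a plain
 * array is accepted as a result.
 */
function ep_safe_unserialize( string $data ): array {
	$value = @unserialize( $data, array( 'allowed_classes' => false ) );
	if ( ! is_array( $value ) ) {
		return array(); // scalars, false, and incomplete-class objects are rejected
	}
	// Strip any nested incomplete-class objects that survived inside the array.
	array_walk_recursive( $value, function ( &$v ) {
		if ( is_object( $v ) ) {
			$v = null;
		}
	} );
	return $value;
}

/**
 * Preferred alternative for new code: store settings as JSON. A JSON
 * decoder can only produce arrays and scalars, never objects with behaviour.
 */
function ep_decode_settings( string $json ): array {
	$value = json_decode( $json, true );
	return is_array( $value ) ? $value : array();
}

/**
 * Resolve a user-supplied relative path and confirm it stays inside
 * $base_dir. Returns the canonical path, or null if the input escapes
 * the directory, contains a null byte, or does not exist.
 */
function ep_resolve_inside( string $base_dir, string $user_path ): ?string {
	$base = realpath( $base_dir );
	if ( false === $base ) {
		return null;
	}
	if ( '' === $user_path || false !== strpos( $user_path, "\0" ) ) {
		return null;
	}
	// realpath() collapses "../" segments and symlinks before the check,
	// so the comparison is made on the path the filesystem would open.
	$candidate = realpath( $base . DIRECTORY_SEPARATOR . $user_path );
	if ( false === $candidate ) {
		return null; // missing file, or a path that resolved outside the tree
	}
	// Compare against the base with a trailing separator so that a sibling
	// directory such as "uploads2" is not mistaken for "uploads".
	$prefix = rtrim( $base, DIRECTORY_SEPARATOR ) . DIRECTORY_SEPARATOR;
	if ( 0 !== strncmp( $candidate, $prefix, strlen( $prefix ) ) ) {
		return null;
	}
	return $candidate;
}

// Usage inside a hypothetical request handler:
// $settings = ep_safe_unserialize( wp_unslash( $_POST['settings'] ?? '' ) );
// $file     = ep_resolve_inside( WP_CONTENT_DIR . '/uploads/element-pack', $_GET['template'] ?? '' );
// if ( null === $file ) {
//     wp_die( 'Invalid path', 400 );
// }
```

The deserialization helper treats any object in the payload as hostile rather than trying to whitelist "safe" classes, because a whitelist has to be maintained against every class the autoloader can reach. The path helper checks the canonical path rather than the raw string, which is what defeats encoded or symlinked traversal attempts that a simple `..` filter misses.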
CVE-2024-33568 is a HIGH severity vulnerability in BdThemes Element Pack Pro versions up to 7.19.3, allowing Path Traversal and Object Injection through insecure deserialization.
If you are using Element Pack Pro versions 7.19.3 or earlier, you are potentially affected by this vulnerability.
Upgrade Element Pack Pro to version 7.19.3 or later to resolve this vulnerability. Consider temporary workarounds if immediate upgrade is not possible.
While no active exploitation has been confirmed, the vulnerability's nature suggests a potential for exploitation.
Refer to the BdThemes website and WordPress plugin repository for the official advisory and update information.