Platform
wordpress
Component
cowidgets-elementor-addons
Fixed in
1.1.2
CVE-2024-37419 describes a Path Traversal vulnerability discovered in Cowidgets – Elementor Addons, a WordPress plugin. This flaw allows unauthorized access to sensitive files on the server by manipulating file paths. The vulnerability affects versions of the plugin up to and including 1.1.1, and a patch has been released in version 1.1.2.
The Path Traversal vulnerability in Cowidgets – Elementor Addons poses a significant risk to WordPress websites. An attacker could exploit this flaw to read configuration files, database credentials, or even source code, potentially gaining complete control over the server. Successful exploitation could lead to data breaches, website defacement, and further compromise of the system. This vulnerability is similar in nature to other path traversal exploits, where attackers leverage predictable file system structures to bypass access controls.
CVE-2024-37419 was publicly disclosed on 2024-07-09. Currently, there are no known active campaigns targeting this vulnerability, and no public proof-of-concept exploits have been widely released. The vulnerability is not listed on the CISA KEV catalog as of this writing. However, the ease of exploitation associated with path traversal vulnerabilities suggests that it may become a target for opportunistic attackers.
Exploit Status
EPSS
0.39% (60% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-37419 is to immediately upgrade Cowidgets – Elementor Addons to version 1.1.2 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting file access permissions on the server and implementing a Web Application Firewall (WAF) rule to block requests containing suspicious path traversal attempts (e.g., ../). Regularly monitor server logs for unusual file access patterns and consider implementing file integrity monitoring to detect unauthorized modifications.
Actualice el plugin Cowidgets – Elementor Addons a la última versión disponible. La vulnerabilidad de inclusión de archivos locales (LFI) se ha corregido en versiones posteriores a la 1.1.1. Para actualizar, vaya al panel de administración de WordPress, sección 'Plugins' y busque 'Cowidgets – Elementor Addons' para actualizarlo.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-37419 is a Path Traversal vulnerability affecting Cowidgets – Elementor Addons versions up to 1.1.1, allowing attackers to read arbitrary files on the server.
You are affected if you are using Cowidgets – Elementor Addons version 1.1.1 or earlier. Check your plugin version and update immediately.
Upgrade Cowidgets – Elementor Addons to version 1.1.2 or later. As a temporary workaround, restrict file access permissions and implement a WAF rule.
As of now, there are no confirmed active exploitation campaigns, but the vulnerability's nature suggests it may become a target.
Refer to the Cowidgets website or WordPress plugin repository for the official advisory and update information.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.