CVE Published: 02/07/2024 |
CVE Updated: 02/08/2024 |
CVE Year: 2024 Source: Patchstack |
Vendor: LA-Studio |
Product: LA-Studio Element Kit for Elementor Status : PUBLISHED
CVE-2024-37479 Description
Local File Inclusion vulnerability in LA-Studio LA-Studio Element Kit for Elementor via "LaStudioKit Progress Bar" widget in New Post, specifically in the "progress_type" attribute.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.8.1.
Metrics
CVSS Version: 3.1 |
Base Score: 8.5 HIGH Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H