What is the severity of CVE-2024-37479?

CVE-2024-37479 has been classified as a high-severity local file inclusion vulnerability.

How do I fix CVE-2024-37479?

To fix CVE-2024-37479, update the LA-Studio Element Kit for Elementor to version 1.3.8.2 or later.

What versions are affected by CVE-2024-37479?

CVE-2024-37479 affects LA-Studio Element Kit for Elementor from an unknown version up to and including 1.3.8.1.

What does CVE-2024-37479 affect specifically?

CVE-2024-37479 affects the 'LaStudioKit Progress Bar' widget in the LA-Studio Element Kit for Elementor.

Can CVE-2024-37479 be exploited remotely?

Yes, CVE-2024-37479 can be exploited remotely through the vulnerable 'progress_type' attribute.

Vulnerability/
CVE-2024-37479

high

8.5

CWE

2/7/2024

18/3/2025

CVE-2024-37479: WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.8.1 - Contributor+ Local File Inclusion vulnerability

First published: Tue Jul 02 2024(Updated: )

Local File Inclusion vulnerability in LA-Studio LA-Studio Element Kit for Elementor via "LaStudioKit Progress Bar" widget in New Post, specifically in the "progress_type" attribute.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.8.1.

Credit: audit@patchstack.com

Affected Software	Affected Version	How to fix
WordPress LA-Studio Element Kit for Elementor	<=1.3.8.1
LA-Studio Element Kit for Elementor	<=1.3.8.1

Remedy

Update to 1.3.9 or a higher version.

Never miss a vulnerability like this again

Reference Links

https://patchstack.com/database/vulnerability/lastudio-element-kit/wordpress-la-studio-element-kit-for-elementor-plugin-1-3-8-1-local-file-inclusion-vulnerability?_s_id=cve

Frequently Asked Questions

What is the severity of CVE-2024-37479?
CVE-2024-37479 has been classified as a high-severity local file inclusion vulnerability.
How do I fix CVE-2024-37479?
To fix CVE-2024-37479, update the LA-Studio Element Kit for Elementor to version 1.3.8.2 or later.
What versions are affected by CVE-2024-37479?
CVE-2024-37479 affects LA-Studio Element Kit for Elementor from an unknown version up to and including 1.3.8.1.
What does CVE-2024-37479 affect specifically?
CVE-2024-37479 affects the 'LaStudioKit Progress Bar' widget in the LA-Studio Element Kit for Elementor.
Can CVE-2024-37479 be exploited remotely?
Yes, CVE-2024-37479 can be exploited remotely through the vulnerable 'progress_type' attribute.

agent/remedy
agent/title
agent/references
agent/type
agent/description
agent/first-publish-date
agent/author
agent/severity
agent/source
collector/mitre-cve
source/MITRE
agent/softwarecombine
collector/nvd-api
source/NVD
agent/weakness
agent/last-modified-date
agent/event
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/la-studio
canonical/wordpress la-studio element kit for elementor
vendor/wordpress
canonical/la-studio element kit for elementor

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.