First published: Sat Nov 30 2024(Updated: )
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cool Plugins Cryptocurrency Widgets For Elementor allows PHP Local File Inclusion.This issue affects Cryptocurrency Widgets For Elementor: from n/a through 1.6.4.
Credit: audit@patchstack.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cool Plugins Cryptocurrency Widgets For Elementor | <1.6.5 | |
Cool Plugins Cryptocurrency Widgets | <=1.6.4 | |
WordPress Cryptocurrency Widgets For Elementor | <=1.6.4 |
Update the WordPress Cryptocurrency Widgets For Elementor plugin to the latest available version (at least 1.6.5).
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-53739 is a medium severity vulnerability that allows for local file inclusion in the Cool Plugins Cryptocurrency Widgets For Elementor.
To fix CVE-2024-53739, update the Cryptocurrency Widgets For Elementor plugin to version 1.6.5 or later.
CVE-2024-53739 can enable attackers to execute arbitrary PHP code or access sensitive files on the server.
CVE-2024-53739 affects Cryptocurrency Widgets For Elementor versions up to and including 1.6.4.
The vendor for CVE-2024-53739 is Cool Plugins, which develops the Cryptocurrency Widgets For Elementor plugin.