CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37520 – WordPress ShopBuilder – Elementor WooCommerce Builder Addons plugin <= 2.1.12 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-37520
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons allows Path Traversal.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through 2.1.12. Limitación inadecuada de un nombre de ruta a un directorio restringido ("Path Traversal") en RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons permite una vulnerabilidad de Path Traversal. Este problema afecta a ShopBuilder – Elementor WooCommerce Builder Addons: desde n/a hasta 2.1.12. The ShopBuilder – Elementor WooCommerce Builder Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.1.12. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. • https://patchstack.com/database/vulnerability/shopbuilder/wordpress-shopbuilder-elementor-woocommerce-builder-addons-plugin-2-1-12-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34812 – WordPress ShopBuilder plugin <= 2.1.8 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-34812
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through 2.1.8. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons. Este problema afecta a ShopBuilder – Complementos de Elementor WooCommerce Builder: desde n/a hasta 2.1.8. The ShopBuilder – Elementor WooCommerce Builder Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.8. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/shopbuilder/wordpress-shopbuilder-plugin-2-1-8-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •