CVE-2024-37479

HIGH Year: 2024
CVSS v3 Score
8.5
High
Weakness Type
CWE-98
View all →

Vulnerability Description

Local File Inclusion vulnerability in LA-Studio LA-Studio Element Kit for Elementor via "LaStudioKit Progress Bar" widget in New Post, specifically in the "progress_type" attribute.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.8.1.

Related Vulnerabilities

CVE-2025-32925

HIGH
CVSS:8.3(High)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FantasticPlugins SUMO Reward Points allows PHP Local File Inclusion.This issue ...

CWE-982025

CVE-2022-4606

HIGH
CVSS:8.8(High)

PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3.

CWE-982022

CVE-2023-24217

HIGH
CVSS:8.8(High)

AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability.

CWE-982023

CVE-2023-49084

HIGH
CVSS:8.8(High)

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the includ...

CWE-982023

CVE-2024-10436

HIGH
CVSS:8.8(High)

The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.1 via the get_condition_value function. This makes it possib...

CWE-982024

CVE-2024-10873

HIGH
CVSS:8.8(High)

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.2 via the _load_template function. This makes it possible f...

CWE-982024