How severe is CVE-2024-4359?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2024-4359?

This is classified as CWE-98, which is a common weakness in software security.

CVE-2024-4359 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 5.7.2 via the SVG widget and a lack of sufficient file validation in the render_svg function. This makes it possible for authenticated attackers, with contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

Related Vulnerabilities

CVE-2024-45077

MEDIUM

CVSS:6.5(Medium)

IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload which allows authenticated low privileged user to upload restricted file types with a simple method of addi...

CWE-982024

CVE-2024-56216

MEDIUM

CVSS:6.5(Medium)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themify Themify Builder allows PHP Local File Inclusion.This issue affects Them...

CWE-982024

CVE-2025-22305

MEDIUM

CVSS:6.5(Medium)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP OnlineSupport, Essential Plugin Hero Banner Ultimate allows PHP Local File I...

CWE-982025

CVE-2025-24733

MEDIUM

CVSS:6.5(Medium)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AddonMaster Post Grid Master allows PHP Local File Inclusion. This issue affect...

CWE-982025

CVE-2025-25539

MEDIUM

CVSS:6.5(Medium)

Local File Inclusion vulnerability in Vasco v3.14and before allows a remote attacker to obtain sensitive information via help menu.

CWE-982025

CVE-2025-32499

MEDIUM

CVSS:6.5(Medium)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Logo Showcase Ultimate allows PHP Local File Inclusion. This issue affect...

CWE-982025