CVE-2024-9935

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Published: Nov 16, 2024 / Updated: 4d ago

CVSS 7.5 / EPSS 0.09% / High

The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Timeline

First Article

Feedly found the first article mentioning CVE-2024-9935.

Nov 16, 2024 at 3:38 AM / Vulners.com RSS Feed

CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Nov 16, 2024 at 3:38 AM

CVE Assignment

NVD published the first details for CVE-2024-9935

Nov 16, 2024 at 4:15 AM

CVSS

A CVSS base score of 7.5 has been assigned.

Nov 16, 2024 at 4:20 AM / nvd

EPSS

EPSS Score was set to: 0.09% (Percentile: 39.7%)

Nov 16, 2024 at 10:07 AM
Affected Systems

Elementor/page_builder

Attack Patterns

CAPEC-126: Path Traversal

News

RandomRobbieBF/CVE-2024-9935
[GitHub] PDF Generator Addon for Elementor Page Builder <=1.7.5 - Unauthenticated Arbitrary File Download
WordPress Plugin Vulnerable to Path Traversal Attacks
Redefiningtheweb - HIGH - CVE-2024-9935 The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
CVE-2024-9935 - Elementor Page Builder PDF Generator Path Traversal Vuln
CVE ID : CVE-2024-9935 Published : Nov. 16, 2024, 4:15 a.m. 51 minutes ago Description : The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. Severity: 7.5
CVE-2024-9935
The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...
CVE-2024-9935 PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Unauthenticated Arbitrary File Download
The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability Impact: None
