CVE-2024-1974 Report - Details, Severity, & Advisories

Twingate Team

May 30, 2024

What is CVE-2024-1974?

CVE-2024-1974 is a high-severity vulnerability affecting the HT Mega – Absolute Addons For Elementor plugin for WordPress, specifically in versions up to and including 2.4.6. This vulnerability allows authenticated attackers with contributor access or higher to perform directory traversal, enabling them to read the contents of arbitrary files on the server, which may contain sensitive information. The affected systems are WordPress websites running a vulnerable version of the plugin.

Who is impacted?

The CVE-2024-1974 vulnerability affects WordPress websites using the HT Mega – Absolute Addons For Elementor plugin, specifically in versions up to and including 2.4.6. Authenticated attackers with contributor access or higher are able to exploit this vulnerability, potentially exposing sensitive information by reading the contents of arbitrary files on the server.

What to do if CVE-2024-1974 affected you

If your WordPress website is affected by the CVE-2024-1974 vulnerability, it's crucial to take immediate action to protect your sensitive data. Here's a simple guide to help you address the issue:

  1. Update the HT Mega – Absolute Addons For Elementor plugin to the latest version (2.4.7 or higher).

  2. Ensure the API key for the weather map is securely stored and not exposed in the source code.

  3. Validate and sanitize user inputs, such as latitude and longitude, to prevent potential security risks.

  4. Monitor your website for any signs of unauthorized access or data breaches, and address them promptly.
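A version audit for step 1, as an added example (not Twingate's or the plugin vendor's code): it reads the standard WordPress plugin header from each plugin's top-level PHP files and flags any plugin whose name contains "HT Mega" with a version below 2.4.7. Matching on the display name, the function names, and the sample tree built in `demo()` are assumptions made for this example; on a real host, call `audit()` on the site's `wp-content/plugins` directory.

```python
import re
import tempfile
from pathlib import Path

FIXED = (2, 4, 7)  # first fixed release named in the remediation steps above
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)\s*$", re.M | re.I)

def read_header(php_file):
    """Return the 'plugin name' and 'version' fields of a plugin header comment."""
    text = Path(php_file).read_bytes()[:8192].decode("utf-8", "replace")
    fields = {}
    for key, value in HEADER.findall(text):
        fields.setdefault(key.lower(), value.strip())  # first occurrence wins
    return fields

def version_tuple(version):
    """'2.4.6' -> (2, 4, 6); short versions are zero-padded, extra parts dropped."""
    parts = [int(p) for p in re.findall(r"\d+", version)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def audit(plugins_dir, name_match="HT Mega"):
    """List (directory, version, affected) for plugins whose name contains name_match."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        header = read_header(php)
        name, version = header.get("plugin name", ""), header.get("version")
        if version and name_match.lower() in name.lower():
            findings.append((php.parent.name, version, version_tuple(version) < FIXED))
    return findings

def demo():
    """Build a constructed plugins tree (not real plugin files) and audit it."""
    samples = {  # directory name -> (plugin name, version); all constructed
        "site-a-htmega": ("HT Mega - Absolute Addons For Elementor", "2.4.6"),
        "site-b-htmega": ("HT Mega - Absolute Addons For Elementor", "2.4.7"),
        "unrelated": ("Some Other Plugin", "1.0"),
    }
    with tempfile.TemporaryDirectory() as root:
        for dirname, (name, version) in samples.items():
            plugin = Path(root, dirname)
            plugin.mkdir()
            plugin.joinpath("main.php").write_text(
                f"<?php\n/**\n * Plugin Name: {name}\n * Version: {version}\n */\n")
        return audit(root)

if __name__ == "__main__":
    for directory, version, affected in demo():
        print(directory, version, "AFFECTED: update to 2.4.7+" if affected else "ok")
```
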

Is it in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2024-1974 vulnerability in the HT Mega – Absolute Addons For Elementor plugin for WordPress is currently awaiting analysis in CISA's Known Exploited Vulnerabilities Catalog. This vulnerability, which allows authenticated attackers to read arbitrary files on the server, was added to the catalog on April 9, 2024. No due date or required action is mentioned, but it is recommended to update the plugin to version 2.4.7 or higher to address the issue.

Weakness Enumeration

The weakness enumeration for this vulnerability is Insufficient Information, indicating a lack of specific details about the vulnerability and its mitigation.

Learn More

CVE-2024-1974 is a significant vulnerability in the HT Mega – Absolute Addons For Elementor plugin for WordPress, affecting versions up to and including 2.4.6. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.
