CVE-2024-33568
WordPress Element Pack Pro plugin < 7.19.3 - Arbitrary File Read and Phar Deserialization vulnerability
CVSS Score
8.5
EPSS Score
0.0%
EPSS Percentile
0th
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BdThemes Element Pack Pro bdthemes-element-pack.This issue affects Element Pack Pro: from n/a through < 7.19.3.
| CWE | CWE-22 |
| Vendor | bdthemes |
| Product | element pack pro |
| Published | Jun 4, 2024 |
| Last Updated | Apr 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for bdthemes element pack pro
Be the first to know when new high vulnerabilities affecting bdthemes element pack pro are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
BdThemes / Element Pack Pro
0 โค 7.19.3
References
patchstack.com: https://patchstack.com/database/Wordpress/Plugin/bdthemes-element-pack/vulnerability/wordpress-element-pack-pro-plugin-7-7-4-arbitrary-file-read-and-phar-deserialization-vulnerability?_s_id=cve patchstack.com: https://patchstack.com/database/vulnerability/bdthemes-element-pack/wordpress-element-pack-pro-plugin-7-7-4-arbitrary-file-read-and-phar-deserialization-vulnerability?_s_id=cve
Credits
Rafie Muhammad | Patchstack Bug Bounty Program