CVE-2024-1974

Name of the Vulnerable Software and Affected Versions HT Mega – Absolute Addons For Elementor plugin for WordPress versions prior to 2.4.7

Description The issue allows authenticated attackers with contributor access or higher to read the contents of arbitrary files on the server, potentially containing sensitive information, via the render function.

Recommendations For versions prior to 2.4.7, update to version 2.4.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the render function until a patch is available.