PT-2024-22178 · Very Good Plugins · Wp Fusion Lite
Lvt-Tholv2K
·
Published
2024-04-03
·
Updated
2024-04-03
·
CVE-2024-27972
CVSS v3.1
9.9
Critical
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
WP Fusion Lite versions 3.41.24 and earlier
Description
The issue is related to an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. This vulnerability allows Command Injection in Very Good Plugins WP Fusion Lite.
Recommendations
For WP Fusion Lite versions 3.41.24 and earlier, update to a version later than 3.41.24 to resolve the issue.
As a temporary workaround, consider restricting access to sensitive commands and parameters to minimize the risk of exploitation.
Fix
Code Injection
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Wp Fusion Lite