PT-2024-27587 · La Studio · La-Studio Element Kit For Elementor
João Pedro S Alcântara
·
Published
2024-07-02
·
Updated
2025-07-10
·
CVE-2024-37479
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
LA-Studio Element Kit for Elementor versions 1.3.8.1 and earlier
Description
A Local File Inclusion issue exists in the LA-Studio Element Kit for Elementor, specifically via the "LaStudioKit Progress Bar" widget in New Post. The issue is related to the
progress type attribute.Recommendations
For versions 1.3.8.1 and earlier, as a temporary workaround, consider disabling the "LaStudioKit Progress Bar" widget until a patch is available. Restrict access to the
progress type attribute in the affected widget to minimize the risk of exploitation.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
La-Studio Element Kit For Elementor