CVE-2024-43135

Name of the Vulnerable Software and Affected Versions Themewinter WPCafe versions 2.2.28 and earlier

Description The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability, which allows PHP Local File Inclusion. This vulnerability can be exploited to access files outside the intended directory, potentially leading to sensitive information disclosure or other security issues.

Recommendations For Themewinter WPCafe versions 2.2.28 and earlier, update to a version that fixes this issue. However, since the fixed version is not specified, consider restricting access to sensitive files and directories as a temporary mitigation measure. Additionally, monitor the official Themewinter WPCafe channels for updates and patches. At the moment, there is no information about a newer version that contains a fix for this vulnerability.