CVE-2024-44018

{"id": "CVE-2024-44018", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2024-10-05T13:15:12.890", "references": [{"url": "https://patchstack.com/database/vulnerability/instant-chat-wp/wordpress-instant-chat-wp-plugin-1-0-5-local-file-inclusion-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Istmo Plugins Instant Chat Floating Button for WordPress Websites allows PHP Local File Inclusion.This issue affects Instant Chat Floating Button for WordPress Websites: from n/a through 1.0.5."}, {"lang": "es", "value": "La vulnerabilidad de limitaci\u00f3n incorrecta de una ruta a un directorio restringido ('Path Traversal') en Istmo Plugins Instant Chat Floating Button for WordPress Websites permite la inclusi\u00f3n de archivos locales en PHP. Este problema afecta al bot\u00f3n flotante de chat instant\u00e1neo para sitios web de WordPress: desde n/a hasta 1.0.5."}], "lastModified": "2024-10-07T17:48:28.117", "sourceIdentifier": "audit@patchstack.com"}