Wpcafe
CVE-2024-37513
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows Path Traversal.This issue affects WPCafe: from n/a through 2.2.27.
AnalysisAI
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows Path Traversal.2.27. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows Path Traversal.2.27. Affected products include: Themewinter Wpcafe. Version information: through 2.2.27..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
A missing authorization vulnerability exists in Arraytics WPCafe WordPress plugin versions up to 3.0.7, where incorrectl
The WPCafe - Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is v
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allow
The WPCafe - Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is v
The WPCafe - Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPr
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today