CVE-2024-37479

HIGH

LA-Studio Element Kit for Elementor <= 1.3.8.1 - Local File Inclusion via Progress Bar Widget Progress Type Attribute

Title source: llm

Description

Local File Inclusion vulnerability in LA-Studio LA-Studio Element Kit for Elementor via "LaStudioKit Progress Bar" widget in New Post, specifically in the "progress_type" attribute.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.8.1.

References (1)

Core 1

Core References

Third Party Advisory vdb-entry

https://patchstack.com/database/vulnerability/lastudio-element-kit/wordpress-la-studio-element-kit-for-elementor-plugin-1-3-8-1-local-file-inclusion-vulnerability?_s_id=cve

Scores

CVSS v3 8.5

EPSS 0.0044

EPSS Percentile 35.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-98

Status published

Products (2)

LA-Studio/LA-Studio Element Kit for Elementor < 1.3.8.1

la-studioweb/element_kit_for_elementor < 1.3.9

Published Jul 02, 2024

Tracked Since Feb 18, 2026