CVE-2024-37091

moderate-risk
Published 2024-06-24

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets, StylemixThemes Masterstudy Elementor Widgets allows OS Command Injection.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0; Masterstudy Elementor Widgets: from n/a through 1.2.2.

Do I need to act?

~
6.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.9/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Consulting Elementor Widgets

Affected Vendors

Stylemixthemes

References (3)

Third Party Advisory https://patchstack.com/database/vulnerability/consulting-elementor-widgets/wordp...
https://patchstack.com/database/vulnerability/masterstudy-elementor-widgets/word...
Third Party Advisory https://patchstack.com/database/vulnerability/consulting-elementor-widgets/wordp...
47
/ 100
moderate-risk
Severity 33/34 · Critical
Exploitability 9/34 · Low
Exposure 5/34 · Minimal