CVE-2024-43271: 
WordPress vulnerability analysis and mitigation

A Local File Inclusion vulnerability (CVE-2024-43271) was discovered in the WordPress plugin 'Widgets for WooCommerce Products on Elementor' affecting versions up to 2.0.4. The vulnerability was reported on June 10, 2024, by João Pedro S Alcântara (Kinorth) and published by Patchstack on August 14, 2024. This security issue allows for path traversal and PHP Local File Inclusion in the plugin (Patchstack).

The vulnerability is classified as an Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) issue, identified as CWE-22. It received a CVSS v3.1 base score of 8.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H. The vulnerability requires Contributor or higher privileges to exploit (Patchstack).

The vulnerability could allow a malicious actor to include local files of the target website and display their contents. This could potentially expose sensitive information such as database credentials, which depending on the configuration, might lead to complete database compromise (Patchstack).

Currently, there is no official fix available for this vulnerability. The issue affects versions up to 2.0.4 of the Widgets for WooCommerce Products on Elementor plugin (Patchstack).