CVE-2024-5179: 
WordPress vulnerability analysis and mitigation

The Cowidgets – Elementor Addons plugin for WordPress contains a Local File Inclusion vulnerability (CVE-2024-5179) affecting all versions up to and including 1.1.1. The vulnerability exists in the 'item_style' and 'style' parameters, which can be exploited by authenticated attackers with Contributor-level access or higher (Wordfence Advisory).

The vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and has received a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires low attack complexity, needs low privileges, and can result in high impacts to confidentiality, integrity, and availability (Wordfence Advisory).

The vulnerability allows attackers to include and execute arbitrary files on the server, potentially leading to the execution of any PHP code in those files. This can be leveraged to bypass access controls, obtain sensitive data, or achieve code execution, particularly in cases where images and other 'safe' file types can be uploaded and included (Wordfence Advisory).

Users should update to version 1.2.0 or later of the Cowidgets – Elementor Addons plugin to address this vulnerability (Wordfence Advisory).