CVE-2024-53739: 
WordPress vulnerability analysis and mitigation

A Local File Inclusion vulnerability (CVE-2024-53739) was discovered in Cool Plugins Cryptocurrency Widgets For Elementor plugin versions through 1.6.4. The vulnerability was reported on October 23, 2024, by security researcher Zaidan Rizaki and was publicly disclosed on November 27, 2024. This security flaw is classified as an Improper Control of Filename for Include/Require Statement in PHP Program vulnerability (Patchstack).

The vulnerability is categorized under CWE-98 (Improper Control of Filename for Include/Require Statement in PHP Program). It received a CVSS v3.1 Base Score of 8.1 (High), with the following vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. The vulnerability is particularly concerning as it can be exploited without authentication (Patchstack).

The vulnerability could allow malicious actors to include local files of the target website and display their contents. This could potentially lead to exposure of sensitive information, including database credentials, which might result in complete database compromise depending on the system configuration (Patchstack).

Users are strongly advised to update to version 1.6.5 or later of the Cryptocurrency Widgets For Elementor plugin to resolve this vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack).