CVE-2024-54382: 
WordPress vulnerability analysis and mitigation

A Path Traversal vulnerability was discovered in BoldThemes Bold Page Builder WordPress plugin, tracked as CVE-2024-54382. The vulnerability affects versions through 5.1.5 and was disclosed on December 11, 2024. The issue was discovered by security researcher Trương Hữu Phúc (truonghuuphuc) (Patchstack).

The vulnerability is classified as an Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) issue, identified as CWE-22. It received a CVSS v3.1 Base Score of 4.9 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N. The vulnerability requires Editor-level privileges to exploit (Patchstack).

The vulnerability allows authenticated users with Editor-level access to perform path traversal attacks, potentially accessing files outside of intended directories. This could lead to unauthorized access to sensitive information, as indicated by the high confidentiality impact in the CVSS score (Patchstack).

The vulnerability has been fixed in version 5.1.6 of the Bold Page Builder plugin. Users are advised to update to this version or later immediately. For users unable to update immediately, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks (Patchstack).