CVE-2024-8393: 
WordPress vulnerability analysis and mitigation

The Woocommerce Blocks – Woolook plugin for WordPress contains a Local File Inclusion vulnerability (CVE-2024-8393) affecting all versions up to and including 1.7.0. The vulnerability exists in the 'tab' parameter, which can be exploited by authenticated users with Administrator-level access (Wordfence).

The vulnerability has been assigned a CVSS v3.1 base score of 6.6 (Medium) with the vector string CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H. The weakness is classified as CWE-98 (Improper Control of Filename for Include/Require Statement in PHP Program). The vulnerability allows authenticated administrators to include and execute arbitrary files on the server (NVD).

If exploited, this vulnerability allows attackers to execute arbitrary PHP code contained in included files, potentially leading to unauthorized access to sensitive data, bypass of access controls, and code execution when 'safe' file types like images can be uploaded and included (NVD).

Users should update the Woocommerce Blocks – Woolook plugin to a version newer than 1.7.0 if available. In the absence of an update, it is recommended to remove or disable the plugin to prevent potential exploitation (NVD).