Medium severity6.5NVD Advisory· Published Jul 9, 2024· Updated Apr 23, 2026
CVE-2024-37520
CVE-2024-37520
Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through <= 2.1.12.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:radiustheme:shopbuilder:*:*:*:*:*:wordpress:*:*+ 1 more
- cpe:2.3:a:radiustheme:shopbuilder:*:*:*:*:*:wordpress:*:*range: <2.1.13
- (no CPE)range: <=2.1.12
Patches
Vulnerability mechanics
References
2- patchstack.com/database/vulnerability/shopbuilder/wordpress-shopbuilder-elementor-woocommerce-builder-addons-plugin-2-1-12-local-file-inclusion-vulnerabilitynvdThird Party Advisory
- patchstack.com/database/Wordpress/Plugin/shopbuilder/vulnerability/wordpress-shopbuilder-elementor-woocommerce-builder-addons-plugin-2-1-12-local-file-inclusion-vulnerabilitynvd
News mentions
0No linked articles in our index yet.