CVE-2024-30509 - Vulnerability Details - OpenCVE

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Artbees SellKit allows Relative Path Traversal.This issue affects SellKit: from n/a through 1.8.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00771.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Artbees

SellKit

unaffected

Version	Status	Constraints
`n/a`	affected	≤ 1.8.1

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Artbees Subscribe	Sellkit Subscribe
Wordpress Subscribe	Wordpress Subscribe

Project Subscriptions

Vendors	Products
Artbees Subscribe	Sellkit Subscribe
Wordpress Subscribe	Wordpress Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2024-28429	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Artbees SellKit allows Relative Path Traversal.This issue affects SellKit: from n/a through 1.8.1.

Fixes

Solution

Update to 1.8.3 or a higher version.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://patchstack.com/database/vulnerability/sellkit/wordpress-sellkit-plugin-1-8-1-arbitrary-file-download-vulnerability?_s_id=cve

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-05-17T08:51:58.241Z

Updated: 2026-04-28T16:09:25.724Z

Reserved: 2024-03-27T12:26:51.740Z

Link: CVE-2024-30509

Vulnrichment

Updated: 2024-05-17T16:44:07.901Z

NVD

Status : Deferred

Published: 2024-05-17T09:15:29.330

Modified: 2026-04-15T00:35:42.020

Link: CVE-2024-30509

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-07-12T22:23:21Z

Weaknesses

CWE-22

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-30509", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-03-27T12:26:51.740Z", "datePublished": "2024-05-17T08:51:58.241Z", "dateUpdated": "2026-04-28T16:09:25.724Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "sellkit", "product": "SellKit", "vendor": "Artbees", "versions": [{"changes": [{"at": "1.8.3", "status": "unaffected"}], "lessThanOrEqual": "1.8.1", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "stealthcopter (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Artbees SellKit allows Relative Path Traversal.<p>This issue affects SellKit: from n/a through 1.8.1.</p>"}], "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Artbees SellKit allows Relative Path Traversal.This issue affects SellKit: from n/a through 1.8.1."}], "impacts": [{"capecId": "CAPEC-139", "descriptions": [{"lang": "en", "value": "CAPEC-139 Relative Path Traversal"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:09:25.724Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/sellkit/wordpress-sellkit-plugin-1-8-1-arbitrary-file-download-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 1.8.3 or a higher version."}], "value": "Update to 1.8.3 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress SellKit plugin <= 1.8.1 - Arbitrary File Download vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-30509", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-17T16:43:59.729922Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:38:20.610Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:38:59.667Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/sellkit/wordpress-sellkit-plugin-1-8-1-arbitrary-file-download-vulnerability?_s_id=cve"}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-30509", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-03-27T12:26:51.740Z", "datePublished": "2024-05-17T08:51:58.241Z", "dateUpdated": "2024-06-04T17:38:20.610Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "sellkit", "product": "SellKit", "vendor": "Artbees", "versions": [{"changes": [{"at": "1.8.3", "status": "unaffected"}], "lessThanOrEqual": "1.8.1", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "stealthcopter (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Artbees SellKit allows Relative Path Traversal.<p>This issue affects SellKit: from n/a through 1.8.1.</p>"}], "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Artbees SellKit allows Relative Path Traversal.This issue affects SellKit: from n/a through 1.8.1."}], "impacts": [{"capecId": "CAPEC-139", "descriptions": [{"lang": "en", "value": "CAPEC-139 Relative Path Traversal"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-05-17T08:51:58.241Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/sellkit/wordpress-sellkit-plugin-1-8-1-arbitrary-file-download-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 1.8.3 or a higher version."}], "value": "Update to 1.8.3 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress SellKit plugin <= 1.8.1 - Arbitrary File Download vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-30509", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-17T16:43:59.729922Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-17T16:44:07.901Z"}, "title": "CISA ADP Vulnrichment"}]}}