Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Qode Essential Addons qode-essential-addons.This issue affects Qode Essential Addons: from n/a through <= 1.6.3.
Published: 2024-10-28
Score: 7.5 High
EPSS: 3.8% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-44884 : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.6.3.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.6.3. Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Qode Essential Addons qode-essential-addons.This issue affects Qode Essential Addons: from n/a through <= 1.6.3.
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.01054}

 epss

{'score': 0.01106}

Tue, 29 Oct 2024 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Qodeinteractive
Qodeinteractive qode Essential Addons
CPEs cpe:2.3:a:qodeinteractive:qode_essential_addons:*:*:*:*:*:wordpress:*:*
Vendors & Products Qodeinteractive
Qodeinteractive qode Essential Addons
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 28 Oct 2024 20:00:00 +0000

Type Values Removed Values Added
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.6.3.
Title WordPress Qode Essential Addons plugin <= 1.6.3 - Local File Inclusion vulnerability
Weaknesses CWE-98
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Qodeinteractive Qode Essential Addons
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-11T21:22:58.129Z

Reserved: 2024-10-24T07:26:19.562Z

Link: CVE-2024-50457

cve-icon Vulnrichment

Updated: 2024-10-29T17:56:23.805Z

cve-icon NVD

Status : Modified

Published: 2024-10-28T20:15:07.713

Modified: 2026-04-23T15:19:59.197

Link: CVE-2024-50457

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses