Cyber Posture

CVE-2024-53800

High

Published: 07 January 2025

Modified: 01 April 2026
KEV Added:
Patch:
CVSS Score: 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0457 (89.3th percentile)
Risk Priority: 19 (60% EPSS · 20% KEV · 20% CVSS)

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in rezgo Rezgo rezgo allows PHP Local File Inclusion. This issue affects Rezgo: from n/a through <= 4.17.

Security Summary

CVE-2024-53800 is an Improper Control of Filename for Include/Require Statement in PHP Program vulnerability (CWE-98). The CVE record files it under the 'PHP Remote File Inclusion' weakness name, and the impact it describes is PHP Local File Inclusion. It affects the Rezgo WordPress plugin for online booking, and the record lists versions from n/a through 4.17 as vulnerable.

An unauthenticated remote attacker (AV:N/PR:N/UI:N) can exploit this vulnerability over the network, though the vector rates attack complexity as high (AC:H). Scope is unchanged (S:U), and successful exploitation can have a high impact on confidentiality, integrity, and availability (C:H/I:H/A:H), yielding an overall CVSS v3.1 score of 8.1.

The Patchstack advisory documents this local file inclusion vulnerability in the WordPress Rezgo online booking plugin, specifically referencing version 4.15, with details available at https://patchstack.com/database/Wordpress/Plugin/rezgo/vulnerability/wordpress-rezgo-online-booking-plugin-4-15-local-file-inclusion-vulnerability?_s_id=cve.

Details

CWE(s)
CWE-98

Affected Products

rezgo / rezgo online booking: ≤ 4.17.1
