What is CVE-2024-35658?

A high-severity path traversal vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) affects versions up to 3.6.2. Immediate remediation is necessary due to potential file manipulation risks.

What is the severity of CVE-2024-35658?

CVE-2024-35658 has a severity rating of HIGH with a CVSS base score of 8.6.

CVE-2024-35658 | Themehigh

CVE-2024-35658 is classified as a high-severity vulnerability due to its CVSS score of 8.6. This vulnerability allows improper limitation of a pathname to a restricted directory, known as 'Path Traversal', in the ThemeHigh Checkout Field Editor for WooCommerce (Pro). The flaw can lead to functionality misuse and unauthorized file manipulation.

The potential risk to organizations includes unauthorized access to sensitive information and the ability to manipulate files, which can have severe consequences for the integrity of the affected systems. With the exploitation status currently unknown, defenders are urged to take this vulnerability seriously and prioritize mitigation efforts.

Organizations should prioritize patching immediately, as the vulnerability affects Checkout Field Editor for WooCommerce (Pro) versions up to 3.6.2. The urgency for remediation is heightened by the nature of the vulnerability and its implications for security.

This vulnerability is a reminder that even seemingly minor components in a web application can introduce significant risks. Organizations should regularly evaluate their software for vulnerabilities and apply updates promptly to maintain security.

Vulnerability Details

CVE-2024-35658 is described as an improper limitation of a pathname to a restricted directory, commonly referred to as 'Path Traversal'. This vulnerability affects the ThemeHigh Checkout Field Editor for WooCommerce (Pro) plugin, specifically in versions from n/a up to 3.6.2. The CVSS score for this vulnerability is 8.6, indicating it is classified as high severity.

The issue was published on June 10, 2024, and it is classified under CWE-22, which pertains to improper limitation of a pathname. The nature of the vulnerability allows for potential file manipulation, which can lead to unauthorized access to sensitive data.

Technical Analysis

The root cause of CVE-2024-35658 stems from inadequate input validation related to file paths. This vulnerability can be exploited through a network attack vector, requiring low attack complexity and no privileges to exploit. User interaction is also not required, making it easier for attackers to leverage this vulnerability without prompting the user.

The implications of this vulnerability are significant, particularly regarding availability. If exploited, it can lead to high availability impact while having no impact on confidentiality or integrity. Organizations using the affected plugin should be aware of the potential for unauthorized file access and manipulation.

Risk & Impact Analysis

Risk to organizations includes unauthorized file access and manipulation, which can lead to broader security incidents. The blast radius of this vulnerability can extend beyond the immediate system, potentially affecting other interconnected systems and data.

Given the high CVSS score of 8.6, organizations must assess their exposure to this vulnerability and take immediate steps to remediate it. The absence of known exploits does not diminish the potential risk, as attackers could develop methods to exploit this vulnerability at any time.

Organizations should address this vulnerability in their priority patch cycle to mitigate risk effectively and protect sensitive information.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected versions of the ThemeHigh Checkout Field Editor for WooCommerce (Pro) plugin are from n/a through 3.6.2. Organizations using this plugin should ensure they upgrade to the latest version to mitigate the vulnerability.

Mitigation & Remediation

To remediate this vulnerability, organizations should upgrade to the latest version of the ThemeHigh Checkout Field Editor for WooCommerce (Pro) plugin. If a patch is not immediately available, organizations can consider applying configuration hardening measures to limit file access and monitor for any abnormal activity.

For ongoing security, organizations should also implement continuous security testing to identify and address vulnerabilities as they arise. This approach helps ensure that any weaknesses are quickly identified and remediated.

Organizations should validate risk management practices and ensure that incident response plans are in place to address potential exploitation of vulnerabilities.

Strategic defensive takeaways should include regular security assessments and vulnerability scanning to identify weaknesses before they can be exploited. Organizations can benefit from engaging in penetration testing to validate their defenses and improve overall security resilience.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2024-35658: High Vulnerability in ThemeHigh Checkout Field Editor for WooCommerce