cleantalk
Vulnerabilities and Security Researches

Timber, CVE-2024-45411

CVE, Research URL

CVE-2024-45411

Home page URL

Security reports for Timber

Application

Timber

Published on
Sep 10, 2024
Research Description
Twig is a template language for PHP. Under some circumstances, the sandbox security checks are not run which allows user-contributed templates to bypass the sandbox restrictions. This vulnerability is fixed in 1.44.8, 2.16.1, and 3.14.0.
Affected versions
Min -, max 1.23.3.
Status
vulnerable
Previous vulnerability researches
Custom Order Statuses for WooCommerce (CVE-2024-32524) , Jun 07, 2024
Custom Order Statuses for WooCommerce (CVE-2024-25930) , Jun 07, 2024
New vulnerability
Frontend File Manager Plugin (CVE-2023-7306) , Jul 27, 2025
Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition (CVE-2025-6441) , Jul 27, 2025
Timber (CVE-2024-45411) , Jul 27, 2025
Advanced iFrame (CVE-2025-6987) , Jul 27, 2025
ReachShip WooCommerce Multi-Carrier & Conditional Shipping (CVE-2025-53213) , Jul 27, 2025