Full Path Disclosure Vulnerability in WooODT Lite Plugin for WordPress
CVE-2024-13540
5.3MEDIUM
Key Information:
- Vendor
- WordPress
- Vendor
- CVE Published:
- 18 February 2025
Summary
The WooODT Lite plugin for WordPress is susceptible to a Full Path Disclosure vulnerability due to the publicly accessible /inc/bycwooodt_get_all_orders.php file. This flaw allows unauthenticated attackers to view detailed error messages revealing the full path of the web application. While the disclosed information may not seem valuable by itself, it can serve as a stepping stone for more severe attacks if combined with other vulnerabilities. Users of versions up to and including 2.5.1 are urged to take immediate action to secure their installations.
Affected Version(s)
WooODT Lite – Delivery & pickup date time location for WooCommerce * <= 2.5.1
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Matthew Rollings