Full Path Disclosure Vulnerability in WP Popups Plugin for WordPress
CVE-2024-6555

5.3MEDIUM

Key Information:

Vendor
Wordpress
Status
WP Popups
Vendor
CVE Published:
12 July 2024

Summary

The WP Popups plugin for WordPress suffers from a Full Path Disclosure vulnerability that affects all versions up to and including 2.2.0.1. This issue arises due to the plugin’s use of mobiledetect without appropriate restrictions on file access. As a result, unauthenticated attackers can exploit this vulnerability to reveal the full directory path of the web application. While the information obtained may not pose an immediate threat by itself, it can potentially be leveraged in conjunction with other vulnerabilities to compromise the security of affected websites.

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2024-6555 : Full Path Disclosure Vulnerability in WP Popups Plugin for WordPress | SecurityVulnerability.io