Full Path Disclosure Vulnerability Affects WPIDE File Manager & Code Editor
CVE-2024-9546

5.3MEDIUM

Key Information:

Vendor: Wordpress
Status: WPide – File Manager & Code Editor
Vendor: CVE Published:; 15 October 2024

What is CVE-2024-9546?

The File Manager & Code Editor plugin, developed by WPIDE for WordPress, has a vulnerability that allows full path disclosure in all versions up to 3.4.9. This issue arises from the plugin's use of the PHP-Parser library, which inadvertently reveals execution results related to parsing commands. Although the information obtained through this vulnerability does not pose an immediate risk on its own, it can assist malicious actors in exploiting additional vulnerabilities within the web application. Website administrators should promptly assess their versions of the plugin and apply necessary updates or mitigations to safeguard their systems against potential attacks.

Affected Version(s)

WPIDE – File Manager & Code Editor * <= 3.4.9

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/wpide/tags/3.4...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 15, 2024

Credit

TANG Cheuk Hei

Wordpress

What is CVE-2024-9546?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit