Full Path Disclosure Vulnerability Affects WPIDE File Manager & Code Editor
CVE-2024-9546
5.3MEDIUM
Key Information:
- Vendor
- Xplodedthemes
- Status
- WPide – File Manager & Code Editor
- Vendor
- CVE Published:
- 15 October 2024
Summary
The File Manager & Code Editor plugin, developed by WPIDE for WordPress, has a vulnerability that allows full path disclosure in all versions up to 3.4.9. This issue arises from the plugin's use of the PHP-Parser library, which inadvertently reveals execution results related to parsing commands. Although the information obtained through this vulnerability does not pose an immediate risk on its own, it can assist malicious actors in exploiting additional vulnerabilities within the web application. Website administrators should promptly assess their versions of the plugin and apply necessary updates or mitigations to safeguard their systems against potential attacks.
Affected Version(s)
WPIDE – File Manager & Code Editor * <= 3.4.9
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Collectors
NVD DatabaseMitre Database
Credit
TANG Cheuk Hei