CVE-2024-9546 – The WPIDE – File Manager & Code Editor plugin for WordPress is vulnerable to Full Path …

15 October 2024

Vuln ID: CVE-2024-9546

Published: 2024-10-15 00:15:21.763

Description: The WPIDE – File Manager & Code Editor plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.9. This is due to the plugin utilizing the PHP-Parser library, which outputs parser rebuild command execution results. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.

Base Score: 5.3 – MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Source: NVD.NIST.GOV

Date:

15 October 2024

Categorie(s):

NVD

Tag(s):

NVD

Cisco confirms ‘ongoing investigation’ after crims brag about selling tons of data15 October 2024
North Korean hackers use newly discovered Linux malware to raid ATMs15 October 2024
Stego, uBlock, PPTP, Log4J, Command Jacking, Windows 10, Feet, Josh Marpet, and More. – SWN #42215 October 2024
CISOs on AI: 7 key takeaways from security leaders at Elastic and Drata15 October 2024
Jetpack patches critical bug that exposed data on 27M WordPress sites15 October 2024