CVE-2024-22347

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Jan 20, 2025

CWE ID 327

Summary

CVE-2024-13536: The 1003 Mortgage Application plugin for WordPress, up to version 1.87, suffers from a Full Path Disclosure vulnerability. The issue arises due to the publicly accessible /inc/class/fnm/export.php file, which has error logging enabled. This disclosure enables unauthenticated attackers to retrieve the web application's full path. While the information alone is not damaging, it can be harmful when combined with another vulnerability, putting affected websites at risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uE8j8y
https://www.cve.org/CVERecord?id=CVE-2024-22347
https://nvd.nist.gov/vuln/detail/CVE-2024-22347

Back to Vulnerability Database

CVE-2024-22347

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations