CVE-2024-6552

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Aug 8, 2024

CWE ID 200

Summary

CVE-2024-6552: Unauthenticated attackers can exploit the Full Path Disclosure vulnerability in the Amelia plugin for WordPress, versions 1.2 and below. This issue arises due to the plugin's use of Symfony and failing to deactivate display_errors in test files. While the disclosed information doesn't pose a threat on its own, it can be used in conjunction with other vulnerabilities to harm affected websites.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/w5LR8C
https://www.cve.org/CVERecord?id=CVE-2024-6552
https://nvd.nist.gov/vuln/detail/CVE-2024-6552

Back to Vulnerability Database

CVE-2024-6552

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations