CVE-2024-6562

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Aug 12, 2024
CWE ID 200

Summary

CVE-2024-6562 is a vulnerability affecting the WordPress Affiliate Plugin, specifically versions 3.5.5 and below. The issue arises from the plugin's display_errors setting being set to true, leading to Full Path Disclosure. This means unauthenticated attackers can retrieve the full path of the web application. However, the information obtained is not harmful on its own and would need to be combined with another vulnerability to cause damage to a targeted website.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share