CVE-2024-6574
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Jul 13, 2024
Updated: Jul 15, 2024
Summary
CVE-2024-6574: The Laposta plugin for WordPress, now closed for downloads and no longer maintained, contains a Full Path Disclosure vulnerability affecting all versions up to 1.12. This issue arises due to the plugin's failure to restrict access to certain test files. Unauthenticated attackers can exploit this vulnerability to retrieve the full path of the web application, which could aid in further assaults. However, the information obtained alone is insufficient for significant harm and necessitates the presence of another vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share