CVE-2024-10486
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Nov 18, 2024
Updated: Nov 19, 2024
CWE ID 862
Summary
CVE-2024-10486 is a newly disclosed vulnerability affecting the Google for WooCommerce plugin for WordPress. Versions up to and including 2.8.6 are vulnerable due to the exposure of a publicly accessible file named print_php_information.php. This issue allows unauthenticated attackers to retrieve sensitive information about the webserver and PHP configuration. The disclosed data can potentially be utilized to facilitate additional attacks. It is recommended that users of the affected plugin update to the latest version to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share