CVE-2024-13535

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Feb 18, 2025
Updated: Feb 24, 2025
CWE ID 209
CWE ID 22

Summary

CVE-2024-13535: The Actionwear products sync plugin for WordPress, in versions up to 2.3.0, suffers from a Full Path Disclosure vulnerability. The issue stems from the composer-setup.php file being publicly accessible with 'display_errors' enabled. Attackers can exploit this to retrieve the full path of the web application, potentially aiding other attacks. However, the disclosed information alone is not damaging and requires another vulnerability to cause harm to an affected website.
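
A defender-side check for the condition described above, as an added example that is not part of the original advisory or the plugin's code: it finds leftover composer-setup.php files under a plugins directory and extracts the absolute paths that PHP error output exposes in a response body. The directory layout, the folder name example-plugin and the sample response are constructed assumptions.

```python
import os
import re
import tempfile

# With display_errors on, a PHP error ends with "in <absolute file> on line <N>";
# the file and line number are wrapped in <b> tags when html_errors is enabled.
PHP_ERROR_PATH = re.compile(
    r"in (?:<b>)?((?:/|[A-Za-z]:\\)[^<\r\n]*?\.php)(?:</b>)? on line (?:<b>)?\d+"
)

def leaked_paths(body):
    """Return the absolute paths that PHP error output exposes in a response body."""
    return sorted(set(PHP_ERROR_PATH.findall(body)))

def find_installer_files(plugins_dir, name="composer-setup.php"):
    """Return paths, relative to plugins_dir, of installer scripts left on disk."""
    hits = []
    for root, _dirs, files in os.walk(plugins_dir):
        if name in files:
            rel = os.path.relpath(os.path.join(root, name), plugins_dir)
            hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)

# Constructed sample: the shape of a PHP warning rendered into an HTML response.
SAMPLE_BODY = (
    "<br />\n<b>Warning</b>:  constructed message in "
    "<b>/var/www/html/wp-content/plugins/example-plugin/composer-setup.php</b>"
    " on line <b>12</b><br />\n"
)
CLEAN_BODY = "<html><body>Sign in to continue</body></html>"

def demo():
    """Build a constructed plugins tree (hypothetical folder name) and audit it."""
    with tempfile.TemporaryDirectory() as plugins:
        os.makedirs(os.path.join(plugins, "example-plugin"))
        target = os.path.join(plugins, "example-plugin", "composer-setup.php")
        open(target, "w").close()
        return find_installer_files(plugins)

if __name__ == "__main__":
    print("installer files on disk:", demo())
    print("paths leaked in response:", leaked_paths(SAMPLE_BODY))
    print("paths leaked in clean page:", leaked_paths(CLEAN_BODY))
```

Any hit from find_installer_files is a file to delete or block at the web server; any hit from leaked_paths means display_errors is still writing errors into responses.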
