CVE-2024-6554
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Jul 11, 2024
Updated: Jul 12, 2024
Summary
CVE-2024-6554: The Branda – White Label WordPress plugin, version 3.4.18 and below, is vulnerable to Full Path Disclosure due to the plugin's use of Composer without proper access restrictions. This vulnerability allows unauthenticated attackers to retrieve the full path of the web application. The obtained information is not harmful on its own, but can facilitate other attacks when combined with another vulnerability. Thus, it is crucial to apply the necessary patch or update the plugin to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- WPMU DEV Branda
Affected Vendors
- WPMU DEV