CVE-2024-6555
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Jul 12, 2024
Summary
CVE-2024-6555 is a newly disclosed vulnerability affecting the WP Popups plugin for WordPress. Versions up to 2.2.0.1 are susceptible to Full Path Disclosure due to the plugin's use of mobiledetect without implementing proper access restrictions. This issue allows unauthenticated attackers to retrieve the full path of the web application, which, although not directly harmful, can facilitate further attacks when combined with other vulnerabilities.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share