CVE-2024-6555

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jul 12, 2024

Summary

CVE-2024-6555 is a newly disclosed vulnerability affecting the WP Popups plugin for WordPress. Versions up to 2.2.0.1 are susceptible to Full Path Disclosure due to the plugin's use of mobiledetect without implementing proper access restrictions. This issue allows unauthenticated attackers to retrieve the full path of the web application, which, although not directly harmful, can facilitate further attacks when combined with other vulnerabilities.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share