CVE-2024-7410

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Aug 12, 2024
CWE ID 200

Summary

CVE-2024-7410 is a vulnerability affecting the My Custom CSS PHP & ADS plugin for WordPress. The issue stems from the plugin's failure to restrict access to the /my-custom-css/vendor/mobiledetect/mobiledetectlib/export/exportToJSON.php file. Unauthenticated attackers can directly access this file, leading to Full Path Disclosure. The disclosed information may not be harmful on its own but can aid other attacks when combined with another vulnerability. Therefore, it is crucial for users to update the plugin to a version beyond 3.3 to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share