CVE-2024-7412
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Aug 12, 2024
CWE ID 200
Summary
CVE-2024-7412 is a vulnerability affecting the No Update Nag plugin for WordPress. The issue allows unauthenticated attackers to access the plugin's bootstrap.php file, which has display_errors enabled. This Full Path Disclosure vulnerability exposes the web application's complete path, which, while not harmful on its own, can aid other attacks when combined with other vulnerabilities. The plugin versions up to and including 1.4.12 are impacted.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share