CVE-2024-7413
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Aug 12, 2024
CWE ID 200
Summary
CVE-2024-7413: The Obfuscate Email plugin for WordPress, affected up to version 3.8.1, contains a Full Path Disclosure vulnerability. This issue arises due to the plugin granting unauthenticated access to the bootstrap.php file, which has display_errors enabled. By exploiting this vulnerability, attackers can retrieve the full path of the web application, which, while harmless on its own, can aid in executing further attacks when another vulnerability is present.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share