The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 9.7.8. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify reconnaissance work. On its own, this information is of very limited use.
History

Thu, 26 Sep 2024 22:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo

Wed, 28 Aug 2024 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Maxfoundry
Maxfoundry maxbuttons
CPEs cpe:2.3:a:maxfoundry:maxbuttons:*:*:*:*:*:wordpress:*:*
Vendors & Products Maxfoundry
Maxfoundry maxbuttons
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 24 Aug 2024 03:45:00 +0000

Type Values Removed Values Added
Description The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 9.7.8. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify reconnaissance work. On its own, this information is of very limited use.
Title WordPress Button Plugin MaxButtons <= 9.7.8 - Full Path Disclosure
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-08-24T03:29:23.649Z

Updated: 2024-08-28T16:02:32.188Z

Reserved: 2024-07-03T21:23:16.412Z

Link: CVE-2024-6499

cve-icon Vulnrichment

Updated: 2024-08-28T16:02:27.423Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-24T04:15:07.370

Modified: 2024-09-26T22:07:50.040

Link: CVE-2024-6499

cve-icon Redhat

No data.