The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 9.7.8. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify reconnaissance work. On its own, this information is of very limited use.
Metrics
Affected Vendors & Products
References
History
Thu, 26 Sep 2024 22:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | NVD-CWE-noinfo |
Wed, 28 Aug 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Maxfoundry
Maxfoundry maxbuttons |
|
CPEs | cpe:2.3:a:maxfoundry:maxbuttons:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Maxfoundry
Maxfoundry maxbuttons |
|
Metrics |
ssvc
|
Sat, 24 Aug 2024 03:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 9.7.8. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify reconnaissance work. On its own, this information is of very limited use. | |
Title | WordPress Button Plugin MaxButtons <= 9.7.8 - Full Path Disclosure | |
Weaknesses | CWE-200 | |
References |
|
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-08-24T03:29:23.649Z
Updated: 2024-08-28T16:02:32.188Z
Reserved: 2024-07-03T21:23:16.412Z
Link: CVE-2024-6499
Vulnrichment
Updated: 2024-08-28T16:02:27.423Z
NVD
Status : Analyzed
Published: 2024-08-24T04:15:07.370
Modified: 2024-09-26T22:07:50.040
Link: CVE-2024-6499
Redhat
No data.