The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.3.This is due to the plugin utilizing wpdesk and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
History

Wed, 14 Aug 2024 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Wp-meteor
Wp-meteor wp Meteor
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:wp-meteor:wp_meteor:*:*:*:*:*:wordpress:*:*
Vendors & Products Wp-meteor
Wp-meteor wp Meteor

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-07-24T06:42:22.418Z

Updated: 2024-08-01T21:41:03.501Z

Reserved: 2024-07-08T14:17:23.594Z

Link: CVE-2024-6553

cve-icon Vulnrichment

Updated: 2024-08-01T21:41:03.501Z

cve-icon NVD

Status : Modified

Published: 2024-07-24T07:15:02.350

Modified: 2024-11-21T09:49:52.380

Link: CVE-2024-6553

cve-icon Redhat

No data.