The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.18. This is due the plugin utilizing composer without preventing direct access to the files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-07-11T03:33:18.987Z

Updated: 2024-08-01T21:41:03.498Z

Reserved: 2024-07-08T14:21:10.292Z

Link: CVE-2024-6554

cve-icon Vulnrichment

Updated: 2024-08-01T21:41:03.498Z

cve-icon NVD

Status : Modified

Published: 2024-07-11T04:15:06.387

Modified: 2024-11-21T09:49:52.523

Link: CVE-2024-6554

cve-icon Redhat

No data.