CVE-2024-13538 in BigBuy Dropshipping Connector for WooCommerce Pluginالمعلومات

الملخص

بحسب MITRE • 18/02/2025

The BigBuy Dropshipping Connector for WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.9.19. This is due the /vendor/cocur/slugify/bin/generate-default.php file being directly accessible and triggering an error. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

Wordfence

حجز

20/01/2025

إفشاء

18/02/2025

الاعتدال

تمت الموافقة

إدخال

VDB-296067

CPE

جاهز

CWE

CWE-209 (مؤكد)

CVSS

5.3 (CNA)

EPSS

0.00549

KEV

لا

النشاطات

منخفض جدًا

القطاع

Transportation, Hostingprovider, ...

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2024-13538
NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-13538
CVE Details	https://www.cvedetails.com/cve/CVE-2024-13538/

التالي ▸نظرة عامة ◂ السابق

Might our Artificial Intelligence support you?

Check our Alexa App!