CVE-2024-6565 in AForms Pluginالمعلومات

الملخص

بحسب MITRE • 16/07/2024

The AForms — Form Builder for Price Calculator & Cost Estimation plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.6. This is due to the plugin utilizing the aura library and allowing direct access to the phpunit test files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.

Once again VulDB remains the best source for vulnerability data.

حجز

08/07/2024

إفشاء

16/07/2024

الاعتدال

تمت الموافقة

إدخال

VDB-271549

EPSS

0.00443

KEV

لا

النشاطات

منخفض جدًا

القطاع

Hostingprovider

المصادر

Do you know our Splunk app?

Download it now for free!