Lucene search

CVE-2024-6554

🗓️ 11 Jul 2024 04:06:15Reported by WordfenceType

The Branda – White Label WordPress plugin for WordPress has a Full Path Disclosure vulnerability up to version 3.4.18 due to improper use of composer

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 5
NVD	CVE-2024-6554	11 Jul 202404:15	–	nvd
Vulnrichment	CVE-2024-6554 Branda – White Label WordPress, Custom Login Page Customizer <= 3.4.18 - Unauthenticated Full Path Disclosure	11 Jul 202403:33	–	vulnrichment
Patchstack	WordPress Branda Plugin <= 3.4.18 is vulnerable to Full Path Disclosure (FPD)	11 Jul 202400:00	–	patchstack
Cvelist	CVE-2024-6554 Branda – White Label WordPress, Custom Login Page Customizer <= 3.4.18 - Unauthenticated Full Path Disclosure	11 Jul 202403:33	–	cvelist
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (July 8, 2024 to July 14, 2024)	18 Jul 202415:33	–	wordfence

Nvd

Vulners

Vulnrichment

Node

wpmudev brandaRange<3.4.19wordpress

[
  {
    "vendor": "wpmudev",
    "product": "Branda – White Label WordPress, Custom Login Page Customizer",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "3.4.18",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset
plugins	www.plugins.trac.wordpress.org/browser/branda-white-labeling/trunk/misc/composer/prefix-fixer.php
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/0a79eb25-a7d1-4102-97e6-8fa8db9ed03e

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

11 Jul 2024 04:15Current

5.5Medium risk

Vulners AI Score5.5

CVSS35.3

EPSS0.00433

SSVC