Vulners
Lucene search
Campaign Monitor for WordPress - Information Disclosure
| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
 | CVE-2024-6569 | 27 Jul 202411:36 | – | circl |
 | WordPress plugin Campaign Monitor for WordPress 安全漏洞 | 27 Jul 202400:00 | – | cnnvd |
 | CVE-2024-6569 | 27 Jul 202408:36 | – | cve |
 | CVE-2024-6569 Campaign Monitor for WordPress <= 2.8.15 - Unauthenticated Full Path Disclosure | 27 Jul 202408:36 | – | cvelist |
 | EUVD-2024-47641 | 3 Oct 202520:07 | – | euvd |
 | CVE-2024-6569 | 27 Jul 202409:15 | – | nvd |
 | WordPress Campaign Monitor for WordPress plugin <= 2.8.15 - Unauthenticated Full Path Disclosure vulnerability | 29 Jul 202402:35 | – | patchstack |
| WordPress Campaign Monitor for WordPress Plugin <= 2.8.15 is vulnerable to Sensitive Data Exposure | 29 Jul 202400:00 | – | patchstack |
 | PT-2024-37725 | 27 Jul 202400:00 | – | ptsecurity |
 | CVE-2024-6569 | 23 May 202508:00 | – | redhatcve |
10
id: CVE-2024-6569
info:
name: Campaign Monitor for WordPress - Information Disclosure
author: aushack
severity: medium
description: |
Campaign Monitor for WordPress plugin for WordPress versions up to 2.8.15 contains a full path disclosure caused by improper access restriction and enabled display_errors in /forms/views/admin/create.php, letting unauthenticated attackers retrieve server paths, exploit requires display_errors to be enabled.
impact: |
Attackers can obtain server file paths, aiding in further exploitation of the website.
remediation: |
Update to the latest version of the plugin where the issue is fixed, or disable display_errors and restrict access to the affected file.
reference:
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/forms-for-campaign-monitor/campaign-monitor-for-wordpress-2815-unauthenticated-full-path-disclosure
- https://wordpress.org/plugins/forms-for-campaign-monitor/
- https://nvd.nist.gov/vuln/detail/CVE-2024-6569
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2024-6569
epss-score: 0.00849
epss-percentile: 0.53289
cwe-id: CWE-200
metadata:
verified: true
max-request: 2
publicwww-query: "/wp-content/plugins/forms-for-campaign-monitor/"
tags: cve,cve2024,wordpress,wp-plugin,fpd,campaigns,misconfig
http:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/forms-for-campaign-monitor/forms/views/admin/create.php"
matchers:
- type: dsl
dsl:
- 'contains_all(body, "Fatal error", "Uncaught Error") || contains_all(body, "Stack trace")'
- 'contains(body, "forms-for-campaign-monitor")'
- 'status_code == 200 || status_code == 500'
condition: and
# digest: 4b0a00483046022100a0ba77140542c13684c98f18d2125f7844bc300b87a3a1c5d383981c7b3477f8022100ae87e0b055b51af23478ade679afd1ab8ca3dfd19595ecd02fa647bd30f94fdc:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
15 Jun 2026 07:22Current
5.8Medium risk
Vulners AI Score5.8
CVSS 3.15.3
EPSS0.00849
SSVC