CVE-2024-6557

🗓️ 16 Jul 2024 05:15:15Reported by [email protected]Type

The SchedulePress plugin for WordPress up to version 5.1.3 is vulnerable to Full Path Disclosure due to demo files left in place, allowing unauthenticated attackers to retrieve the full path of the web application

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 5
CVE	CVE-2024-6557	16 Jul 202405:15	–	cve
Patchstack	WordPress SchedulePress Plugin <= 5.1.3 is vulnerable to Sensitive Data Exposure	16 Jul 202400:00	–	patchstack
Vulnrichment	CVE-2024-6557 SchedulePress <= 5.1.3 - Unauthenticated Full Path Disclosure	16 Jul 202404:31	–	vulnrichment
Cvelist	CVE-2024-6557 SchedulePress <= 5.1.3 - Unauthenticated Full Path Disclosure	16 Jul 202404:31	–	cvelist
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (July 15, 2024 to July 21, 2024)	25 Jul 202414:49	–	wordfence

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/f80fa8b3-f345-4b3f-8a16-ee9f19b07a0b
plugins	www.plugins.trac.wordpress.org/browser/wp-scheduled-posts/trunk/vendor/wpdevelopers/pinterest-api-php/demo/boot.php
plugins	www.plugins.trac.wordpress.org/changeset

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

16 Jul 2024 05:15Current

CVSS35.3

EPSS0.00348