4 matches found
WP Popups - Information Disclosure
WP Popups - WordPress Popup builder plugin for WordPress contains a full path disclosure caused by using mobiledetect without access restrictions, letting unauthenticated attackers retrieve server paths, exploit requires no specific conditions. id: CVE-2024-6555 info: name: WP Popups - Informatio...
CVE-2024-6555
creationtimestamp| type| source ---|---|--- 2024-07-12 09:23:09+00:00| seen| https://t.me/cvedetector/703 2025-12-02 07:41:11+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-6555.yaml 2025-12-02 21:02:32+00:00| seen|...
CVE-2024-6555 WP Popups – WordPress Popup builder <= 2.2.0.1 - Unauthenticated Full Path Disclosure
The WP Popups – WordPress Popup builder plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.0.1. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to...
WordPress WP Popups Plugin <= 2.2.0.1 is vulnerable to Full Path Disclosure (FPD)
Software WP Popups Type Plugin Vulnerable versions = 2.2.0.1 Fixed in 2.2.0.2 OWASP Top 10 A5: Security Misconfiguration Classification Full Path Disclosure FPD CVE CVE-2024-6555 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 91f90e97fc95 Credits stealthcopter Required...