2 matches found
CVE-2024-7411
creationtimestamp| type| source ---|---|--- 2024-08-15 10:57:13+00:00| seen| https://t.me/cvedetector/3231...
CVE-2024-7411 Newsletters <= 4.9.9 - Unauthenticated Full Path Disclosure
The Newsletters plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 4.9.9. This is due the plugin not preventing direct access to the /vendor/mobiledetect/mobiledetectlib/export/exportToJSON.php. This makes it possible for unauthenticated attackers to...