Home

Description

The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible print_php_information.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PHP configuration, which can be used to aid other attacks.

PUBLISHED Reserved 2024-10-28 | Published 2024-11-18 | Updated 2024-11-19 | Assigner Wordfence




MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-862 Missing Authorization

Product status

Default status
unaffected

* (semver)
affected

Timeline

2024-10-11:Discovered
2024-11-18:Disclosed

Credits

Francesco Carlucci finder

References

www.wordfence.com/...-6b63-4fd9-85d4-82126f86308a?source=cve

plugins.trac.wordpress.org/...ipts/print_php_information.php

cve.org (CVE-2024-10486)

nvd.nist.gov (CVE-2024-10486)

Download JSON