CVE-2019-19983

Name of the Vulnerable Software and Affected Versions Fast Velocity Minify versions prior to 2.7.7

Description The issue allows the full web root path to the running WordPress application to be discovered. To exploit this, FVM Debug Mode must be enabled and an admin-ajax request must call the fastvelocity min files action.

Recommendations For Fast Velocity Minify versions prior to 2.7.7, update to version 2.7.7 or later to resolve the issue. As a temporary workaround, consider disabling FVM Debug Mode until a patch is available. Restrict access to admin-ajax requests calling the fastvelocity min files action to minimize the risk of exploitation.