CVE-2024-3673

Name of the Vulnerable Software and Affected Versions Web Directory Free WordPress plugin versions prior to 1.7.3

Description The issue is related to a Local File Inclusion problem. It occurs because the plugin does not validate a parameter before using it in an include(), which could lead to Local File Inclusion issues. Unauthenticated attackers can exploit this to access sensitive server files.

Recommendations For versions prior to 1.7.3, update to version 1.7.3 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive server files until the update is applied.