PT-2024-37701 · WordPress · Custom Post Limits

Matthew Rollings

Published 2024-09-13 · Updated 2024-09-30

CVE-2024-6544

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Custom Post Limits plugin for WordPress, versions up to and including 4.4.1

Description: The Custom Post Limits plugin for WordPress is vulnerable to full path disclosure. The plugin ships bootstrap test files that are left in place with display errors on, so an unauthenticated attacker can retrieve the full filesystem path of the web application. The disclosed path is not useful on its own, but it can aid other attacks if another vulnerability is present.

Recommendations: For versions up to and including 4.4.1, update the plugin immediately to prevent potential exploitation, and monitor for signs of compromise as a precaution. As a temporary workaround, consider disabling the display errors feature in the plugin's configuration until a patch is available.
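After updating or applying the workaround, a defender will want to confirm that the site no longer emits PHP error text containing server-side paths. The following Python check is an added example, not code from the advisory or from the plugin: it scans HTTP response bodies for the error format PHP prints when display_errors is on (both the html_errors and plain-text variants) and reports the leaked path, line and the WordPress document root that an attacker would learn from it. All URLs, plugin names and paths in the sample data are constructed and hypothetical; the check runs offline on embedded strings, and in practice the bodies would come from requests to your own site.

```python
from __future__ import annotations

import re

# PHP renders uncaught warnings/fatals in this shape when display_errors=On.
# With html_errors=On the level, path and line are wrapped in <b>...</b>;
# with html_errors=Off the same text appears without tags. One regex covers both.
PHP_ERROR_RE = re.compile(
    r"(?:<b>)?(?P<level>Warning|Notice|Fatal error|Parse error|Deprecated)(?:</b>)?:\s*"
    r"(?P<message>.*?) in (?:<b>)?(?P<path>/[^\s<]+\.php)(?:</b>)? on line "
    r"(?:<b>)?(?P<line>\d+)(?:</b>)?",
    re.DOTALL,
)


def find_path_disclosures(body: str) -> list[dict]:
    """Return every PHP error message in a response body that reveals a
    server-side .php path, as dicts with level, path and line."""
    return [
        {"level": m.group("level"), "path": m.group("path"), "line": int(m.group("line"))}
        for m in PHP_ERROR_RE.finditer(body)
    ]


def document_root(path: str, marker: str = "/wp-content/") -> str | None:
    """For a disclosed path inside a WordPress install, return the filesystem
    location of the WordPress root (everything before /wp-content/), which is
    the piece of information a full path disclosure actually hands out."""
    idx = path.find(marker)
    return path[:idx] if idx != -1 else None


def audit_responses(responses: dict[str, str]) -> dict[str, list[dict]]:
    """Map URL -> body to URL -> disclosures, keeping only URLs that leak."""
    leaking = {}
    for url, body in responses.items():
        hits = find_path_disclosures(body)
        if hits:
            leaking[url] = hits
    return leaking


# Constructed sample responses (hypothetical host, plugin slug and paths).
SAMPLE_RESPONSES = {
    # html_errors=On: the shape a stray test file produces with display_errors=On
    "https://example.test/wp-content/plugins/example-plugin/tests/sample.php":
        "<br />\n<b>Warning</b>:  Undefined variable $config in "
        "<b>/var/www/html/wp-content/plugins/example-plugin/tests/sample.php</b> "
        "on line <b>12</b><br />\n",
    # html_errors=Off: same error, plain text
    "https://example.test/wp-content/plugins/example-plugin/other.php":
        '\nWarning: Undefined array key "x" in '
        "/srv/www/site/wp-content/plugins/example-plugin/other.php on line 40\n",
    # A clean page that discloses nothing
    "https://example.test/": "<!DOCTYPE html><html><body>OK</body></html>",
}


if __name__ == "__main__":
    for url, hits in audit_responses(SAMPLE_RESPONSES).items():
        for hit in hits:
            print(f"{url}: {hit['level']} leaks {hit['path']} (line {hit['line']}), "
                  f"document root {document_root(hit['path'])}")
```

The regex deliberately anchors on the `in <path> on line <n>` suffix rather than on the error level alone, so ordinary page text that happens to contain the word "Warning" does not produce false positives; a hit therefore means a server path was genuinely written into the response.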

Fix

Generation of Error Message Containing Sensitive Information

Information Disclosure

Weakness Enumeration

Related Identifiers: CVE-2024-6544

Affected Products: Custom Post Limits