CVE-2024-6556

Name of the Vulnerable Software and Affected Versions SmartCrawl WordPress SEO checker plugin versions up to, and including, 3.10.8

Description The issue is due to the plugin utilizing mobiledetect without preventing direct access to the files, making it possible for unauthenticated attackers to retrieve the full path of the web application. This information can be used to aid other attacks, but it requires another vulnerability to be present for damage to an affected website.

Recommendations For versions up to, and including, 3.10.8, update to a version later than 3.10.8 to resolve the issue. As a temporary workaround, consider restricting access to the mobiledetect files until a patch is available.