CVE-2024-7426

Name of the Vulnerable Software and Affected Versions The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress versions up to, and including, 6.4.6.0

Description The issue is related to Full Path Disclosure, where the plugin displays errors and allows direct access to the sse.php file, making it possible for unauthenticated attackers to retrieve the full path of the web application. This information can be used to aid other attacks, but it requires another vulnerability to be present for damage to an affected website.

Recommendations For versions up to, and including, 6.4.6.0, consider disabling direct access to the sse.php file as a temporary workaround until a patch is available. Restrict access to error messages that could disclose the full path of the web application to minimize the risk of exploitation.