PT-2024-39690 · Unknown+1 · Php-Parser+1

Siunam +1 · Published 2024-10-14 · Updated 2024-10-17 · CVE-2024-9546

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

WPIDE – File Manager & Code Editor plugin for WordPress versions up to, and including, 3.4.9

Description

The WPIDE – File Manager & Code Editor plugin for WordPress is vulnerable to Full Path Disclosure. This issue arises from the plugin's utilization of the PHP-Parser library, which outputs parser rebuild command execution results, allowing unauthenticated attackers to retrieve the full path of the web application. This information, while not useful on its own, can aid other attacks when combined with another vulnerability.

Recommendations

For versions up to, and including, 3.4.9, update to a version later than 3.4.9 to resolve the issue. As a temporary workaround, consider restricting access to the PHP-Parser library until a patch is available.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2024-9546

Affected Products

Php-Parser
Wpide