CVE-2024-12152

Name of the Vulnerable Software and Affected Versions MIPL WC Multisite Sync plugin for WordPress versions up to, and including, 1.1.5

Description The issue allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information, through the mipl wc sync download log action. This enables access to confidential data.

Recommendations For versions up to, and including, 1.1.5, update to a version later than 1.1.5 to resolve the issue. As a temporary workaround, consider disabling the mipl wc sync download log action until a patch is available.