CVE-2024-12535

Name of the Vulnerable Software and Affected Versions Host PHP Info plugin for WordPress versions up to, and including, 1.0.4

Description The issue allows unauthorized access to data due to a missing capability check when including the phpinfo function. This makes it possible for unauthenticated attackers to read configuration settings and predefined variables on the site's server. The plugin does not need to be activated for the issue to be exploited.

Recommendations For versions up to, and including, 1.0.4, consider disabling the phpinfo function until a patch is available to prevent unauthorized access to server data. As a temporary workaround, restrict access to the plugin to minimize the risk of exploitation.