CVE-2024-13613

Name of the Vulnerable Software and Affected Versions: Wise Chat plugin for WordPress versions prior to 3.3.4

Description: The issue allows unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory, which can contain file attachments included in chat messages. This is possible due to the exposure of sensitive information in all versions up to, and including, 3.3.3 via the 'uploads' directory.

Recommendations: For Wise Chat plugin for WordPress versions prior to 3.3.4, update to version 3.3.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the /wp-content/uploads directory to minimize the risk of exploitation.