CVE-2024-13550

Name of the Vulnerable Software and Affected Versions ABC Notation plugin for WordPress versions up to, and including, 6.1.3

Description The issue allows authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information, via the file attribute of the "abcjs" shortcode. This enables access to confidential data.

Recommendations For versions up to, and including, 6.1.3, update to a version higher than 6.1.3 to resolve the issue. As a temporary workaround, consider restricting access to the abcjs shortcode or disabling it until a patch is available. Avoid using the file attribute in the "abcjs" shortcode until the issue is resolved.