PT-2025-6563 · Unknown+1 · Cocur/Slugify+1

Matthew Rollings +1 · Published 2025-02-18 · Updated 2025-02-24 · CVE-2024-13538

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: BigBuy Dropshipping Connector for WooCommerce plugin for WordPress versions up to, and including, 1.9.19

Description: The vulnerability is due to the /vendor/cocur/slugify/bin/generate-default.php file being directly accessible and triggering an error, making it possible for unauthenticated attackers to retrieve the full path of the web application. This information can be used to aid other attacks, but it is not useful on its own and requires another vulnerability to be present for damage to an affected website.

Recommendations: For versions up to, and including, 1.9.19, consider restricting access to the /vendor/cocur/slugify/bin/generate-default.php file to minimize the risk of exploitation. As a temporary workaround, consider disabling direct access to this file until a patch is available.
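
One way to check that the access restriction recommended above is in place, as an added example that is not part of the advisory or of either project: the script walks a WordPress tree on disk, finds every plugin that ships the script named in the advisory, and reports whether an .htaccess above it denies web access. It assumes Apache 2.4 with AllowOverride enabled and default authorization merging; the plugin directory names and the sample tree are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Path from the advisory, relative to a plugin's root directory.
TARGET = Path("vendor/cocur/slugify/bin/generate-default.php")


def top_level_require(text):
    """Return 'denied'/'granted' for a top-level 'Require all ...', else None."""
    depth = 0  # nesting inside <Files>, <IfModule>, ... containers
    for raw in text.splitlines():
        line = " ".join(raw.lower().split())
        if line.startswith("</"):
            depth -= 1
        elif line.startswith("<"):
            depth += 1
        elif depth == 0 and line in ("require all denied", "require all granted"):
            return line.split()[-1]
    return None


def is_denied(script, plugin_root):
    """Assumption: the nearest .htaccess with a top-level Require decides."""
    for directory in script.parents:
        htaccess = directory / ".htaccess"
        if htaccess.is_file():
            verdict = top_level_require(htaccess.read_text(errors="replace"))
            if verdict:
                return verdict == "denied"
        if directory == plugin_root:
            break
    return False


def audit(wp_root):
    """Return (plugin_name, denied) for each plugin that ships the script."""
    plugins = Path(wp_root) / "wp-content" / "plugins"
    return [(p.name, is_denied(p / TARGET, p))
            for p in sorted(plugins.iterdir()) if (p / TARGET).is_file()]


def build_sample_tree(base):
    """Constructed sample install: one blocked copy, one exposed copy."""
    for name in ("plugin-blocked", "plugin-exposed"):
        script = Path(base) / "wp-content" / "plugins" / name / TARGET
        script.parent.mkdir(parents=True)
        script.write_text("<?php // constructed stub\n")
    vendor = Path(base) / "wp-content" / "plugins" / "plugin-blocked" / "vendor"
    (vendor / ".htaccess").write_text("Require all denied\n")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for plugin, denied in audit(build_sample_tree(tmp)):
            print(f"{plugin}: {'blocked' if denied else 'web-reachable'}")
```

Against a real install, pass the WordPress root directory to audit(); rules set in the main server configuration rather than in .htaccess files are not visible to this check.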

Fix

Generation of Error Message Containing Sensitive Information

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2024-13538

Affected Products

Bigbuy Dropshipping Connector For Woocommerce
Cocur/Slugify