WordPress Plugin Vulnerabilities

Mollie Payments for WooCommerce < 7.8.0 - Unauthenticated Full Path Disclosure

Description

The Mollie Payments for WooCommerce plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 7.7.0. This is due to the error reporting being enabled by default in multiple plugin files. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify reconnaissance work. On its own, this information is of very limited use.

Affects Plugins

Plugin icon
mollie-payments-for-woocommerce
Fixed in 7.8.0

References

CVE
CVE-2024-6448
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/0c98026c-28a9-4c69-9f34-4c3bd4f75d85

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
stealthcopter
Verified
No
WPVDB ID
50ef2d41-f358-4123-b5e9-7c438b8d922a

Timeline

Publicly Published
2024-08-27 (about 1 year ago)
Added
2024-08-27 (about 1 year ago)
Last Updated
2024-08-28 (about 1 year ago)

Other

Published
Title
Published
2025-09-25
Title
Featured Image from URL (FIFU) < 5.2.8 - Unauthenticated Information Exposure via Log File
Published
2025-12-29
Title
Poptics < 1.0.21 - Authenticated (Contributor+) Information Exposure
Published
2025-02-24
Title
Classified Listing – Classified ads & Business Directory Plugin < 4.0.5 - Unauthenticated Settings Exposure
Published
2025-12-22
Title
Tablesome < 1.1.35.2 - Authenticated (Subscriber+) Information Exposure
Published
2024-07-11
Title
Coming Soon <= 1.6.3 - Unauthenticated Information Exposure