WordPress Plugin Vulnerabilities

Google for WooCommerce < 2.8.7 - Information Disclosure via Publicly Accessible PHP Info File

Description

The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible print_php_information.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PHP configuration, which can be used to aid other attacks.

Affects Plugins

Plugin icon
google-listings-and-ads
Fixed in 2.8.7

References

CVE
CVE-2024-10486
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/64bc7d47-6b63-4fd9-85d4-82126f86308a

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Francesco Carlucci
Verified
No
WPVDB ID
df2f9f1a-b66e-4ce2-9fff-a04b38ab2974

Timeline

Publicly Published
2024-11-18 (about 1 year ago)
Added
2024-11-18 (about 1 year ago)
Last Updated
2024-11-18 (about 1 year ago)

Other

Published
Title
Published
2026-02-11
Title
FullCalendar <= 1.6 - Missing Authorization
Published
2025-12-31
Title
Hotel Booking <= 3.8 - Missing Authorization
Published
2025-11-15
Title
Appointment Booking Calendar < 1.3.96 - Missing Authorization
Published
2025-03-18
Title
LifterLMS < 8.0.2 - Missing Authorization to Unauthenticated Post Trashing
Published
2026-01-19
Title
PostX < 5.0.4 - Missing Authorization