High severity7.5NVD Advisory· Published May 17, 2025· Updated Jun 17, 2026
CVE-2024-13613
CVE-2024-13613
Description
The Wise Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.3 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory which can contain file attachments included in chat messages. The vulnerability was partially patched in version 3.3.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 0
Patches
Vulnerability mechanics
References
4- plugins.trac.wordpress.org/changeset/3268074/nvdPatch
- plugins.trac.wordpress.org/changeset/3288680/nvdPatch
- www.wordfence.com/threat-intel/vulnerabilities/id/f70dabb4-3ae6-43cf-86e2-62ac1454b697nvdThird Party Advisory
- plugins.trac.wordpress.org/browser/wise-chat/trunk/src/services/WiseChatAttachmentsService.phpnvdProduct
News mentions
0No linked articles in our index yet.