VYPR

No Update Nag

by WordPress

CVEs (1)

  • CVE-2024-7412MedAug 12, 2024
    risk 0.34cvss 5.3epss 0.00

    The No Update Nag plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.12. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for unauthenticated attackers…