Main Vulnerability Database Vulnerabilities #VU21922

Information disclosure in Fast Velocity Minify - #VU21922

Published: October 17, 2019

Vulnerability identifier: #VU21922

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Raul Peixoto

Affected software:
Fast Velocity Minify

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to missing capability check on the status page ajax request when the option ‘Enable FVM Debug Mode’ is enable. A remote authenticated attacker can gain unauthorized access to sensitive information on the system, such as discover the full web root path to the running WordPress application.

Remediation

Install updates from vendor's website.

Sources

https://www.wordfence.com/blog/2019/10/medium-severity-vulnerability-patched-in-fast-velocity-minify...

Information disclosure in Fast Velocity Minify - #VU21922

Detailed vulnerability description

Remediation

Sources

Please verify you're human