CVE-2024-12159: 
WordPress vulnerability analysis and mitigation

The Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords plugin for WordPress contains an Information Exposure vulnerability (CVE-2024-12159) affecting all versions up to and including 3.1. The vulnerability was disclosed on January 7, 2025 and has been assigned a CVSS v3.1 base score of 5.3 (Medium) (NVD, Wordfence).

The vulnerability exists due to the printphpinformation.php file being publicly accessible. This file exposure vulnerability is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The vulnerability has been assigned a CVSS v3.1 vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating network accessibility, low attack complexity, and no requirements for privileges or user interaction (NVD).

The vulnerability allows unauthenticated attackers to extract sensitive configuration data from the affected WordPress installations. This exposed information could potentially be leveraged in subsequent attacks against the system (NVD).

Users should upgrade to a version newer than 3.1 when available or remove the plugin if it's not essential for operations (NVD).