CVE-2024-13374: 
WordPress vulnerability analysis and mitigation

The WP Table Manager plugin for WordPress contains a vulnerability (CVE-2024-13374) related to unauthorized access discovered in versions up to and including 4.1.3. The vulnerability stems from a missing capability check on the thewptm_getFolders AJAX action, which allows authenticated attackers with Subscriber-level access or higher to read arbitrary file names and directories (NVD).

The vulnerability is classified as a Missing Authorization issue (CWE-862) with a CVSS v3.1 base score of 6.5 (MEDIUM) according to NVD's assessment, while Wordfence rates it at 4.3 (MEDIUM). The vulnerability specifically affects the AJAX action 'thewptm_getFolders' which lacks proper capability checks, potentially exposing sensitive directory information to authenticated users (NVD).

When exploited, this vulnerability allows authenticated attackers with Subscriber-level privileges or higher to read arbitrary file names and directories on the affected WordPress installation. This could potentially lead to information disclosure and help attackers gather intelligence about the system's file structure (NVD).

Website administrators running affected versions of WP Table Manager should upgrade to a version newer than 4.1.3 to address this vulnerability. The issue has been fixed in subsequent releases (NVD, JoomUnited).