CVE-2024-35682: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2024-35682) affects Themeisle's Otter Blocks PRO WordPress plugin versions up to 2.6.11. It is classified as a Sensitive Information Exposure vulnerability that allows authenticated users with Subscriber-level access or higher to access sensitive information that should not be available to regular users (WPScan, Patchstack). The vulnerability was discovered and reported by Dave Jong on April 28, 2024, and was publicly disclosed on June 6, 2024.

The vulnerability has received varying CVSS scores from different sources. The National Vulnerability Database (NVD) assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, while Patchstack rated it at 4.3 (Low) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N. The vulnerability is categorized under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) (NVD).

The vulnerability could allow malicious actors to extract sensitive user or configuration data that is normally not accessible to regular users. This exposure of sensitive information could potentially be leveraged to exploit other weaknesses in the system (Patchstack).

The vulnerability has been fixed in version 2.6.12 of the Otter Blocks PRO plugin. Users are advised to update to version 2.6.12 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins as an additional security measure (Patchstack).