CVE-2024-44018: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2024-44018) affects the Instant Chat Floating Button for WordPress Websites plugin versions through 1.0.5. It is classified as a Path Traversal vulnerability that allows PHP Local File Inclusion. The vulnerability was discovered and reported by researcher tahu.datar on September 3, 2024, and was publicly disclosed on September 24, 2024 (Patchstack).

The vulnerability is categorized as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and has received a CVSS v3.1 base score of 7.5 (High) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability can be exploited remotely, requires high attack complexity, needs no privileges, but does require user interaction (NVD).

The vulnerability could allow an attacker to include local files of the target website and display their contents. This could potentially expose sensitive information, including database credentials, which might lead to complete database compromise depending on the configuration (Patchstack).

Currently, there is no official fix available for this vulnerability. Patchstack has issued a virtual patch to mitigate the issue by blocking potential attacks until an official fix becomes available. Website administrators are advised to implement immediate mitigation measures or consider removing the plugin until a patch is released (Patchstack).