CVE-2024-49252: 
WordPress vulnerability analysis and mitigation

A Full Path Disclosure (FPD) vulnerability was identified in the WordPress Leyka plugin, tracked as CVE-2024-49252. The vulnerability affects versions up to 3.31.6 of the Leyka plugin developed by Teplitsa of social technologies. The issue was discovered by researcher Trương Hữu Phúc and was published on October 14, 2024 (Patchstack).

The vulnerability is classified as a Security Misconfiguration issue under the OWASP Top 10 (A5) category. It received a CVSS v3.1 Base Score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The vulnerability is categorized under CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere) (Patchstack).

The Full Path Disclosure vulnerability could allow a malicious actor to discover the complete path of folders or files within the system. This information disclosure could potentially be leveraged to exploit other weaknesses in the system (Patchstack).

The vulnerability has been fixed in version 3.31.7 of the Leyka plugin. Users are advised to update to version 3.31.7 or later to remediate this security issue (Patchstack).