CVE-2024-49285: 
WordPress vulnerability analysis and mitigation

A Local File Inclusion vulnerability (CVE-2024-49285) was discovered in Moridrin SSV MailChimp WordPress plugin affecting versions through 3.1.5. The vulnerability was reported on September 4, 2024, and publicly disclosed on October 15, 2024 (Patchstack).

The vulnerability is classified as a Path Traversal issue (CWE-22) that allows PHP Local File Inclusion. It received a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability can be exploited without authentication, though it requires user interaction (Patchstack).

This vulnerability could allow a malicious actor to include local files of the target website and display their contents. Particularly sensitive files containing credentials, such as database configuration files, could be exposed, potentially leading to complete database compromise depending on the server configuration (Patchstack).

No official fix is currently available as the software appears to be abandoned. The recommended mitigation steps include either removing and replacing the software with an alternative solution, or implementing virtual patching through security solutions like Patchstack that can block potential attacks (Patchstack).