CVE-2024-50512: 
WordPress vulnerability analysis and mitigation

A Full Path Disclosure (FPD) vulnerability was identified in the WordPress Posti Shipping plugin, tracked as CVE-2024-50512. The vulnerability affects versions up to 3.10.2 of the Posti Shipping plugin and was discovered by Fariq Fadillah Gusti Insani on October 21, 2024. The issue was publicly disclosed on October 28, 2024, and involves the generation of error messages containing sensitive information (Patchstack Database).

The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. It is classified under CWE-209 (Generation of Error Message Containing Sensitive Information) and requires no authentication to exploit (Patchstack Database).

The vulnerability could allow malicious actors to discover the full path of folders or files within the system. This information disclosure could potentially be leveraged to exploit other weaknesses in the system, though the specific impact may vary case by case. The vulnerability has been categorized as having a low severity impact (Patchstack Database).

The vulnerability has been patched in version 3.10.3 of the Posti Shipping plugin. Users are advised to update to version 3.10.3 or later to remediate the vulnerability. The security issue is considered to have a low severity impact and is unlikely to be exploited (Patchstack Database).