CVE-2024-52449: 
WordPress vulnerability analysis and mitigation

A Local File Inclusion vulnerability (CVE-2024-52449) was discovered in Navneil Naicer Bootscraper plugin versions through 2.1.0. The vulnerability is related to improper limitation of a pathname to a restricted directory (Path Traversal), which allows PHP Local File Inclusion (Patchstack).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. The issue is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and affects the WordPress Bootscraper plugin versions up to and including 2.1.0 (Patchstack).

This vulnerability could allow a malicious actor to include local files of the target website and display their contents. Particularly sensitive files containing credentials, such as database configuration files, could be exposed, potentially leading to complete database compromise depending on the system configuration (Patchstack).

Users are strongly advised to update to version 4.0.0 or later which contains the fix for this vulnerability. For temporary mitigation, Patchstack has issued a virtual patch to protect against potential attacks until the update can be applied (Patchstack).