CVE-2024-6548: 
WordPress vulnerability analysis and mitigation

The Add Admin JavaScript plugin for WordPress is vulnerable to Full Path Disclosure in versions up to and including 2.0 (CVE-2024-6548). The vulnerability was discovered and reported by Wordfence, with a CVSS v3.1 base score of 5.3 (Medium). This security flaw stems from the plugin's utilization of bootstrap and test files with display_errors enabled (Wordfence).

The vulnerability is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The issue allows unauthenticated attackers to retrieve the full path of the web application through test files with display_errors enabled. The vulnerability has been assigned a CVSS v3.1 Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating network accessibility with low attack complexity and no privileges required (NVD).

The vulnerability enables attackers to obtain the full path of the web application, which could potentially aid in other attacks. However, the disclosed information alone is not sufficient to cause damage to affected websites and requires the presence of additional vulnerabilities to be effectively exploited (NVD).

Website administrators running the Add Admin JavaScript plugin should update to a version newer than 2.0 when available. In the meantime, considering the potential security risk, it is recommended to consider removing or disabling the plugin if it's not essential for website operations (NVD).