CVE-2024-6556: 
WordPress vulnerability analysis and mitigation

The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to Full Path Disclosure in versions up to and including 3.10.8. This vulnerability was discovered and reported by Wordfence, with the initial disclosure made on July 10, 2024 (NVD).

The vulnerability stems from the plugin's implementation of mobiledetect without proper access control mechanisms to prevent direct file access. The issue has been assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating that it can be exploited remotely without requiring privileges or user interaction (NVD).

When exploited, the vulnerability allows unauthenticated attackers to retrieve the full path of the web application. While the exposed information alone is not directly harmful, it could be leveraged to aid in other attacks against the affected website when combined with additional vulnerabilities (NVD).

Website administrators running affected versions of the SmartCrawl WordPress SEO plugin should update to a version newer than 3.10.8 when available. The vulnerability has been addressed in the WordPress plugin repository (WordPress Plugin).