CVE-2024-6567: 
WordPress vulnerability analysis and mitigation

The Ebook Store plugin for WordPress contains a Full Path Disclosure vulnerability (CVE-2024-6567) affecting all versions up to and including 5.8001. The vulnerability was discovered and disclosed on August 1, 2024 (NVD, Wordfence).

The vulnerability exists due to the plugin utilizing fpdi-protection and not preventing direct access to test files that have display_errors set to true. This configuration issue allows unauthenticated attackers to retrieve the full path of the web application. The vulnerability has been assigned a CVSS v3.1 base score of 5.3 MEDIUM (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) and is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) (NVD).

The vulnerability allows attackers to obtain the full path of the web application. While this information alone is not directly harmful, it can be used to aid other attacks. The disclosed path information requires another vulnerability to be present for any significant damage to occur to an affected website (NVD).

Website administrators running the Ebook Store plugin should update to a version newer than 5.8001 once available. In the meantime, it is recommended to restrict access to the plugin's test files and disable display_errors in PHP configuration (NVD).