CVE-2024-6570: 
WordPress vulnerability analysis and mitigation

The Glossary plugin for WordPress contains a Full Path Disclosure vulnerability affecting all versions up to and including 2.2.26. The vulnerability was discovered and disclosed on July 16, 2024 (NVD). The issue affects WordPress installations using the Glossary plugin developed by Codeat.

The vulnerability stems from the plugin's usage of wpdesk library and its failure to prevent direct access to test files while having display_errors enabled. The vulnerability has been assigned a CVSS v3.1 score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating network accessibility with low attack complexity and no required privileges or user interaction (NVD).

When exploited, this vulnerability allows unauthenticated attackers to retrieve the full path of the web application. While the exposed information alone is not directly harmful, it can be leveraged to aid other attacks. The disclosure of full path information could provide attackers with valuable system information that could be used in conjunction with other vulnerabilities (NVD).

Website administrators running the affected versions of the Glossary plugin should update to a version newer than 2.2.26 when available. In the meantime, it is recommended to disable display_errors in PHP configuration and implement proper access controls to prevent direct access to test files (NVD).