CVE-2024-7415: 
WordPress vulnerability analysis and mitigation

The Remember Me Controls plugin for WordPress contains a Full Path Disclosure vulnerability (CVE-2024-7415) affecting all versions up to and including 2.0.1. The vulnerability was discovered and reported by researcher stealthcopter, with disclosure occurring on September 5, 2024 (NVD).

The vulnerability exists due to the plugin allowing direct access to the bootstrap.php file which has display_errors enabled. This configuration exposes the full path of the web application to unauthenticated attackers. The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (NVD).

The vulnerability allows unauthenticated attackers to retrieve the full path of the web application. While this information disclosure alone is not directly harmful, it can be used to aid other attacks. The exposed information requires another vulnerability to be present for any potential damage to the affected website (NVD).

The vulnerability has been fixed in version 2.1 of the Remember Me Controls plugin. Site administrators should update to this version to mitigate the vulnerability. The fix includes hardening measures to prevent direct web access to bootstrap.php (WordPress Plugin).