What is CVE-2024-6554?

CVE-2024-6554 is a medium-severity vulnerability in Wpmudev Branda, classified under Information Disclosure. CVSS score: 5.3/10. Published 2024-07-11.

How severe is CVE-2024-6554?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Is CVE-2024-6554 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Wpmudev Branda

CVE-2024-6554

The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.18. This is due the plugin utilizing composer without preventing direct a…

Vulnerability class: Information Disclosure

EPSS: 0.005 (35.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Wpmudev Branda
Wpmudev Branda – White Label & Branding, Free Login Page Customizer — versions 0

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

References

security@wordfence.com (Third Party Advisory)
security@wordfence.com (Broken Link)
security@wordfence.com (Patch)

Frequently asked questions

What is CVE-2024-6554?: CVE-2024-6554 is a medium-severity vulnerability in Wpmudev Branda, classified under Information Disclosure. CVSS score: 5.3/10. Published 2024-07-11.
How severe is CVE-2024-6554?: Medium severity. CVSS v3 base score is 5.3 out of 10.
Is CVE-2024-6554 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.