CVE-2019-19983 Information

Description

In the WordPress plugin Fast Velocity Minify before 2.7.7, the full web root path to the running WordPress application can be discovered. To exploit this vulnerability, FVM Debug Mode needs to be enabled and an admin-ajax request needs to call the fastvelocity_min_files action.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Reference

https://wpvulndb.com/vulnerabilities/9914

https://www.wordfence.com/blog/2019/10/medium-severity-vulnerability-patched-in-fast-velocity-minify-plugin/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

Base Score

4.3

Base Severity

MEDIUM
