A vulnerability was found in Web Directory Free Plugin up to 1.7.2 on WordPress. It has been classified as critical. Affected is the function
include
. The manipulation leads to path traversal.
This vulnerability is traded as CVE-2024-3673. The attack needs to be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.