CVE-2019-19983
MEDIUMFast Velocity Minify < 2.7.7 - Exposure of Sensitive Information via Debug Mode
Title source: llmDescription
In the WordPress plugin, Fast Velocity Minify before 2.7.7, the full web root path to the running WordPress application can be discovered. In order to exploit this vulnerability, FVM Debug Mode needs to be enabled and an admin-ajax request needs to call the fastvelocity_min_files action.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/9914
Exploit, Third Party Advisory x_refsource_misc
https://www.wordfence.com/blog/2019/10/medium-severity-vulnerability-patched-in-fast-velocity-minify-plugin/
Scores
CVSS v3
4.3
EPSS
0.0116
EPSS Percentile
63.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
fastvelocity/minify
< 2.7.7
Published
Dec 26, 2019
Tracked Since
Feb 18, 2026