5.3
CVE-2022-1186
- EPSS 1.08%
- Veröffentlicht 19.04.2022 21:15:13
- Zuletzt bearbeitet 08.04.2026 17:16:42
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginBe POPIA Compliant <= 1.1.5 - Sensitive Information Exposure
Be POPIA Compliant <= 1.1.5 - Sensitive Information Exposure
The WordPress plugin Be POPIA Compliant exposed sensitive information to unauthenticated users consisting of site visitors emails and usernames via an API route, in versions up to an including 1.1.5.
Mögliche Gegenmaßnahme
Be POPIA Compliant: Update to version 1.1.16, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Web-x ≫ Be Popia Compliant SwPlatformwordpress Version <= 1.1.5
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Be POPIA Compliant
Version
*-1.1.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.08% | 0.608 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
| security@wordfence.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2701343%40be-popia-compliant&new=2701343%40be-popia-compliant&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/0fcdd6b5-a273-4916-a894-a753be0a7921?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/0fcdd6b5-a273-4916-a894-a753be0a7921