6.5

CVE-2024-1076

Exploit

SSL Zen – Free Let's Encrypt SSL Certificate & HTTPS/SSL Redirect WordPress Plugin <= 4.5.0 - Sensitive Information Exposure

The SSL Zen WordPress plugin before 4.6.0 does not properly prevent directory listing of the private keys folder: it relies only on .htaccess to stop visitors from accessing the site's generated private keys. An attacker can therefore read them if the site runs on a server that doesn't support .htaccess files, like NGINX.
Possible countermeasure
SSL Zen — SSL Certificate Installer & HTTPS Redirects: Update to version 4.6.0, or a newer patched version
Further vulnerability information
System: WordPress Plugin
Product: SSL Zen — SSL Certificate Installer & HTTPS Redirects
Version: *-4.5.0
Data provided by the National Vulnerability Database (NVD)
Sslzen Ssl Zen, SwPlatform wordpress, Version < 4.6.0
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.462 |

CVSS Metrics
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 3.9 | 2.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.