7.5
CVE-2024-13773
- EPSS 0.26%
- Veröffentlicht 14.03.2025 11:15:53
- Zuletzt bearbeitet 27.03.2025 01:07:51
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginCivi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.4 - Sensitive Information Exposure
Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.4 - Sensitive Information Exposure
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded credentials. This makes it possible for unauthenticated attackers to extract sensitive data including LinkedIn client and secret keys.
Mögliche Gegenmaßnahme
Civi - Job Board & Freelance Marketplace WordPress Theme: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.166 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| security@wordfence.com | 7.3 | 3.9 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
CWE-321 Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.
https://www.wordfence.com/threat-intel/vulnerabilities/id/e3499182-7501-4fec-a7c6-b66ae47533cd?source=cve
http://localhost:1337/wp-content/themes/civi/includes/class-init.php#L36
https://www.wordfence.com/threat-intel/vulnerabilities/id/e3499182-7501-4fec-a7c6-b66ae47533cd