7.5
CVE-2024-3679
- EPSS 1.17%
- Veröffentlicht 29.08.2024 13:15:06
- Zuletzt bearbeitet 19.09.2024 22:10:25
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginPremium SEO Pack – WP SEO Plugin <= 1.6.002 - Unauthenticated Information Exposure
The Premium SEO Pack – WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.001. This makes it possible for unauthenticated attackers to view limited information from password protected posts through the social meta data.
Mögliche Gegenmaßnahme
Premium SEO Pack – WP SEO Plugin: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Premium SEO Pack – WP SEO Plugin
Version
*-1.6.002
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Squirrly ≫ Wp Seo Plugin SwPlatformwordpress Version <= 1.6.001
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.17% | 0.783 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| security@wordfence.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.