Lucene search

[email protected]CVE-2024-25591

HistoryMar 17, 2024 - 5:15 p.m.

CVE-2024-25591

2024-03-1717:15:06

CWE-200

[email protected]

web.nvd.nist.gov

cve-2024-25591

vulnerability

sensitive information

unauthorized actor

benjamin rojas

wp editor

nvd

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Benjamin Rojas WP Editor.This issue affects WP Editor: from n/a through 1.2.7.

Affected configurations

Vulners

Node

benjamin_rojaswp_editorRange≤1.2.7

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "wp-editor",
    "product": "WP Editor",
    "vendor": "Benjamin Rojas",
    "versions": [
      {
        "changes": [
          {
            "at": "1.2.8",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.2.7",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/wp-editor/wordpress-wp-editor-plugin-1-2-7-sensitive-data-exposure-vulnerability?_s_id=cve

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for CVE-2024-25591

wpvulndb1 cvelist1 nvd1 wordfence1