CVE-2024-0212 Cloudflare WordPress plugin enables information disclosure of Cloudflare API (for low privileged users)

🗓️ 29 Jan 2024 09:13:44Reported by cloudflareType

Cloudflare WordPress plugin enables information disclosure of Cloudflare API for low privileged users

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2024-0212	29 Jan 202411:26	–	circl
CNNVD	Wordpress plugin Cloudflare security vulnerability	29 Jan 202400:00	–	cnnvd
CVE	CVE-2024-0212	29 Jan 202409:13	–	cve
EUVD	EUVD-2024-16011	3 Oct 202520:07	–	euvd
NVD	CVE-2024-0212	29 Jan 202410:15	–	nvd
Patchstack	WordPress CloudFlare Plugin <= 4.12.2 is vulnerable to Sensitive Data Exposure	31 Jan 202400:00	–	patchstack
Prion	Authentication flaw	29 Jan 202410:15	–	prion
RedhatCVE	CVE-2024-0212	4 Feb 202523:09	–	redhatcve
Vulnrichment	CVE-2024-0212 Cloudflare WordPress plugin enables information disclosure of Cloudflare API (for low privileged users)	29 Jan 202409:13	–	vulnrichment
WPVulnDB	Cloudflare < 4.12.3 - Missing Authorization via initProxy	6 Feb 202400:00	–	wpvulndb

[
  {
    "defaultStatus": "unaffected",
    "packageName": "Cloudflare-WordPress",
    "platforms": [
      "Wordpress"
    ],
    "product": "Cloudflare-WordPress",
    "repo": "https://github.com/cloudflare/Cloudflare-WordPress",
    "vendor": "Cloudflare",
    "versions": [
      {
        "changes": [
          {
            "at": "4.12.3",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "4.12.2",
        "status": "affected",
        "version": "0",
        "versionType": "patch"
      }
    ]
  }
]

Source	Link
github	www.github.com/cloudflare/Cloudflare-WordPress/releases/tag/v4.12.3
github	www.github.com/cloudflare/Cloudflare-WordPress/security/advisories/GHSA-h2fj-7r3m-7gf2

29 Jan 2024 09:13Current

8.1High risk

Vulners AI Score8.1

CVSS 3.18.1

EPSS0.00848

CWE-284