CVE-2024-1076 SSL Zen <= 4.5.3 - Unauthenticated Private Keys Access

2024-05-0806:00:02

WPScan

www.cve.org

ssl zen wordpress nginx .

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

The SSL Zen WordPress plugin before 4.6.0 only relies on the use of .htaccess to prevent visitors from accessing the site’s generated private keys, which allows an attacker to read them if the site runs on a server who doesn’t support .htaccess files, like NGINX.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "SSL Zen ",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "4.6.0"
      }
    ],
    "defaultStatus": "unaffected"
  }
]