Lucene search

[email protected]NVD:CVE-2024-2950

HistoryApr 06, 2024 - 4:15 a.m.

CVE-2024-2950

2024-04-0604:15:11

[email protected]

web.nvd.nist.gov

boldgrid easy seo

vulnerability

sensitive information

wordpress

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.14 via meta information (og:description) This makes it possible for unauthenticated attackers to view the first 130 characters of a password protected post which can contain sensitive information.

References

plugins.trac.wordpress.org/browser/boldgrid-easy-seo/tags/1.6.15/includes/class-boldgrid-seo-admin.php?rev=3064911

www.wordfence.com/threat-intel/vulnerabilities/id/d502e617-a59f-4385-b050-3702a1b1ed7e?source=cve

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2024-2950

cve1 cvelist1 wpvulndb1 wordfence1