Lucene search
HistoryJul 09, 2024 - 9:15 a.m.
CVE-2024-3228
wordpress
information exposure
kiwi plugin
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
0.001
Percentile
17.2%
The Social Sharing Plugin – Kiwi plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.7 via the ‘kiwi-nw-pinterest’ class. This makes it possible for unauthenticated attackers to view limited content from password protected posts.
Affected configurations
Node
wpkubekiwi_social_shareRange<2.1.8wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wpkube | kiwi_social_share | * | cpe:2.3:a:wpkube:kiwi_social_share:*:*:*:*:wordpress:*:*:* |
Related
vulnrichment
vulnrichment
CVE-2024-3228 Social Sharing Plugin – Kiwi <= 2.1.7 - Information Disclosure
2024-07-09 08:33:07
cvelist
cvelist
CVE-2024-3228 Social Sharing Plugin – Kiwi <= 2.1.7 - Information Disclosure
2024-07-09 08:33:07
cve
cve
CVE-2024-3228
2024-07-09 09:15:04
wordfence
wordfence
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
0.001
Percentile
17.2%
Related for NVD:CVE-2024-3228