3 matches found
CVE-2020-13764
common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because userpass is not considered a special case for a $currentuser-get$property call...
CVE-2020-13764
common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because userpass is not considered a special case for a $currentuser-get$property call...
CVE-2020-13764
The CVE-2020-13764 entry documents an information-disclosure vulnerability in the WordPress Gravity Forms plugin prior to version 2.4.9. The issue arises because common.php exposes hashed passwords by not treating user_pass as a special case for $current_user->get($property), allowing potentia...