5 matches found
CVE-2024-1076
creationtimestamp| type| source ---|---|--- 2025-03-25 19:24:49+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/8736...
CVE-2024-1076
The SSL Zen WordPress plugin before 4.6.0 does not properly prevent directory listing of the private keys folder, as it only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who...
CVE-2024-1076
CVE-2024-1076 affects the SSL Zen WordPress plugin: versions before 4.6.0 fail to prevent directory listing of private keys because access control relies solely on .htaccess, which may be ignored on servers that don’t support .htaccess (e.g., NGINX). This can let an attacker read private keys. Th...
CVE-2024-1076 SSL Zen <= 4.5.3 - Unauthenticated Private Keys Access
The SSL Zen WordPress plugin before 4.6.0 does not properly prevent directory listing of the private keys folder, as it only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who...
WordPress SSL Zen – Free SSL Certificate & HTTPS Redirect for WordPress Plugin <= 4.5.3 is vulnerable to Sensitive Data Exposure
Software SSL Zen – Free SSL Certificate & HTTPS Redirect for WordPress Type Plugin Vulnerable versions = 4.5.3 Fixed in 4.6.0 OWASP Top 10 A5: Security Misconfiguration Classification Sensitive Data Exposure CVE CVE-2024-1076 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID...