CVE-2024-1076
The SSL Zen WordPress plugin before 4.6.0 does not properly prevent directory listing of the private keys folder, as it only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who...
CVE-2024-1076
CVE-2024-1076 affects the SSL Zen WordPress plugin: versions before 4.6.0 fail to prevent directory listing of private keys because access control relies solely on .htaccess, which may be ignored on servers that don’t support .htaccess (e.g., NGINX). This can let an attacker read private keys. Th...
CVE-2024-1076 SSL Zen <= 4.5.3 - Unauthenticated Private Keys Access
The SSL Zen WordPress plugin before 4.6.0 does not properly prevent directory listing of the private keys folder, as it only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who...
WordPress plugin SSL Zen security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-16523 · WordPress +1 · Ssl Zen Wordpress Plugin +1
Name of the Vulnerable Software and Affected Versions: SSL Zen WordPress plugin versions prior to 4.6.0
Description: The issue arises because the SSL Zen WordPress plugin relies solely on .htaccess to prevent access to the site's generated private keys. This poses a problem for servers that do no...
WordPress SSL Zen – Free SSL Certificate & HTTPS Redirect for WordPress Plugin <= 4.5.3 is vulnerable to Sensitive Data Exposure
Software: SSL Zen – Free SSL Certificate & HTTPS Redirect for WordPress; Type: Plugin; Vulnerable versions: <= 4.5.3; Fixed in: 4.6.0; OWASP Top 10: A5: Security Misconfiguration; Classification: Sensitive Data Exposure; CVE: CVE-2024-1076; Patch priority: Low; CVSS severity: Low 5.9; PSID...
SSL Zen <= 4.5.3 - Unauthenticated Private Keys Access
Description: The plugin relies only on .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server that doesn't support .htaccess files, like NGINX. Install the plugin on a server that doesn't support...
SSL Zen <= 4.5.3 - Unauthenticated Private Keys Access
Description: The plugin relies only on .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server that doesn't support .htaccess files, like NGINX. PoC: Install the plugin on a server that doesn't...
WordPress SSL Zen – Free SSL Certificate & HTTPS Redirect for WordPress plugin <= 4.0.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress SSL Zen – Free SSL Certificate & HTTPS Redirect for WordPress plugin versions <= 4.0.4. Solution: Update the WordPress SSL Zen – Free SSL Certificate & HTTPS Redirect for WordPress plugin to the latest...
WordPress SSL Zen – Free SSL Certificate & HTTPS Redirect for WordPress plugin <= 4.0.4 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress SSL Zen – Free SSL Certificate & HTTPS Redirect for WordPress plugin versions <= 4.0.4. Solution: Update the WordPress SSL Zen – Free SSL Certificate & HTTPS Redirect for WordPress plugin to the latest available version at least...