Описание
The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lock_content_form_handler' and 'display_password_form' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt and view the password protected content.
Ссылки
- Product
- Product
- Product
- Patch
- Patch
- Third Party Advisory
- Product
- Product
- Product
- Patch
- Patch
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.7.3 (включая)
cpe:2.3:a:wpdeveloper:embedpress:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 63%
0.00444
Низкий
5.3 Medium
CVSS3
7.5 High
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 5.3
github
больше 2 лет назад
The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lock_content_form_handler' and 'display_password_form' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt and view the password protected content.
EPSS
Процентиль: 63%
0.00444
Низкий
5.3 Medium
CVSS3
7.5 High
CVSS3