CVE-2024-13773

Опубликовано: 14 мар. 2025

Источник: nvd

CVSS3: 7.3

CVSS3: 7.5

EPSS Низкий

Описание

The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded credentials. This makes it possible for unauthenticated attackers to extract sensitive data including LinkedIn client and secret keys.

Ссылки

http://localhost:1337/wp-content/themes/civi/includes/class-init.php#L36
Broken Link
https://www.wordfence.com/threat-intel/vulnerabilities/id/e3499182-7501-4fec-a7c6-b66ae47533cd?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:uxper:civi:*:*:*:*:*:wordpress:*:*

Версия до 2.1.4 (включая)

EPSS

Процентиль: 54%

0.00315

Низкий

7.3 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-321

CWE-798

Связанные уязвимости

GHSA-m727-97qg-jrmp

CVSS3: 7.3

github

11 месяцев назад

EPSS

Процентиль: 54%

0.00315

Низкий

7.3 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-321

CWE-798