exploitDog

CVE-2024-8106

Опубликовано: 04 сент. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.8 via the download_user_ajax function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including usernames, hashed passwords, and emails.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpextended:wp_extended:*:*:*:*:*:wordpress:*:*

Версия до 3.0.9 (исключая)

EPSS

Процентиль: 70%

0.00634

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo

Связанные уязвимости

GHSA-3xfv-v3m6-pcv2

CVSS3: 6.5

github

больше 1 года назад

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.8 via the download_user_ajax function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including usernames, hashed passwords, and emails.

EPSS

Процентиль: 70%

0.00634

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo