Search criteria
1 vulnerability by looswebstudio
CVE-2024-2795 (GCVE-0-2024-2795)
Vulnerability from cvelistv5 – Published: 2024-06-28 06:57 – Updated: 2024-08-01 19:25
VLAI?
Title
SEO SIMPLE PACK <= 3.2.1 - Information Exposure
Summary
The SEO SIMPLE PACK plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.1 via META description. This makes it possible for unauthenticated attackers to extract limited information about password protected posts.
Severity ?
5.3 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| looswebstudio | SEO SIMPLE PACK |
Affected:
* , ≤ 3.2.1
(semver)
|
Credits
Krzysztof Zając
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:looswebstudio:seo_simple_pack:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "seo_simple_pack",
"vendor": "looswebstudio",
"versions": [
{
"lessThanOrEqual": "3.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2795",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T19:24:04.429452Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T19:25:40.357Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:25:42.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f62a9ca0-7077-410f-b005-175348acd133?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/seo-simple-pack/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SEO SIMPLE PACK",
"vendor": "looswebstudio",
"versions": [
{
"lessThanOrEqual": "3.2.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The SEO SIMPLE PACK plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.1 via META description. This makes it possible for unauthenticated attackers to extract limited information about password protected posts."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-200 Information Exposure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T06:57:46.802Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f62a9ca0-7077-410f-b005-175348acd133?source=cve"
},
{
"url": "https://wordpress.org/plugins/seo-simple-pack/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-27T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "SEO SIMPLE PACK \u003c= 3.2.1 - Information Exposure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-2795",
"datePublished": "2024-06-28T06:57:46.802Z",
"dateReserved": "2024-03-21T18:14:20.653Z",
"dateUpdated": "2024-08-01T19:25:42.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}