Insecure Storage of Sensitive Information Vulnerability Affects Defender Security
CVE-2022-44581

5MEDIUM

Key Information:

Vendor: WordPress
Status: Defender Security
Vendor: CVE Published:; 17 May 2024

Summary

The vulnerability in WPMU DEV's Defender Security plugin enables the insecure storage of sensitive information. Specifically, this flaw allows temporary files to potentially expose sensitive data to unauthorized access. Affected versions of the plugin may lead to security risks, emphasizing the need for website administrators to assess their current installations and implement recommended patches or alternative security measures.

Affected Version(s)

Defender Security <= 3.3.2

References

https://patchstack.com/database/vulnerability/defender-se...

vdb-entry

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 17, 2024
Vulnerability Reserved
Nov 1, 2022

Credit

Calvin Alkan - Snicco (Patchstack Alliance)