Sensitive Information Exposure in Watu Quiz Plugin for WordPress
CVE-2024-0872

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Watu Quiz
Vendor: CVE Published:; 9 April 2024

What is CVE-2024-0872?

The Watu Quiz plugin for WordPress has a vulnerability that allows authenticated attackers with contributor-level access or higher to exploit the watu-userinfo shortcode. This can lead to unauthorized access to sensitive user metadata, including session tokens and user emails. The vulnerability affects all versions up to and including 3.4.1, highlighting the importance of regular updates and security assessments for WordPress plugins.

Affected Version(s)

Watu Quiz * <= 3.4.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset/3036986/

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 9, 2024
Vulnerability Reserved
Jan 24, 2024

Credit

Lucio Sá