Unauthorized Access to Sensitive Information in phpinfo() WP
CVE-2024-35776

7.5HIGH

Key Information:

Vendor: WordPress
Status: PHPinfo() WP
Vendor: CVE Published:; 21 June 2024

What is CVE-2024-35776?

The Exeebit phpinfo() WP Plugin is vulnerable to unauthorized data exposure, whereby sensitive information may be accessed by unauthorized actors. This vulnerability affects all versions from n/a up to 5.0, posing a risk to WordPress installations utilizing this plugin. Site owners are strongly advised to update to the latest version and implement appropriate security measures to safeguard against potential breaches.

Affected Version(s)

phpinfo() WP <= 5.0

References

https://patchstack.com/database/vulnerability/phpinfo-wp/...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 21, 2024
Vulnerability Reserved
May 17, 2024

Credit

LuxF0z (Patchstack Alliance)