Unauthenticated Attackers Can Access Limited Information From Password Protected Posts

CVE-2024-3679

7.5HIGH

Key Information

Vendor: Calinvingan
Status: Premium Seo Pack – WP Seo Plugin
Vendor: CVE Published:; 29 August 2024

Summary

The Premium SEO Pack – WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.001. This makes it possible for unauthenticated attackers to view limited information from password protected posts through the social meta data.

Affected Version(s)

Premium SEO Pack – WP SEO Plugin <= 1.6.001

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Aug 29, 2024
Disclosed
Aug 28, 2024
Vulnerability Reserved.
Apr 11, 2024

Collectors

NVD DatabaseMitre Database

Credit

Krzysztof Zając