Lucene search

[email protected]NVD:CVE-2023-3371

HistoryJun 27, 2023 - 2:15 a.m.

CVE-2023-3371

2023-06-2702:15:09

[email protected]

web.nvd.nist.gov

wordpress

sensitive information exposure

hardcoded encryption key

unauthenticated attackers

password protected content

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.6%

JSON

The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the ‘lock_content_form_handler’ and ‘display_password_form’ function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt and view the password protected content.

Affected configurations

NVD

Node

wpdeveloperembedpressRange≤3.7.3wordpress

References

plugins.trac.wordpress.org/browser/embedpress/tags/3.7.3/EmbedPress/Includes/Classes/Helper.php#L231

plugins.trac.wordpress.org/browser/embedpress/tags/3.7.3/EmbedPress/Includes/Classes/Helper.php#L278

plugins.trac.wordpress.org/browser/embedpress/tags/3.7.3/Gutenberg/block-backend/block-embedpress.php#L30

plugins.trac.wordpress.org/changeset/2930523/embedpress#file10

plugins.trac.wordpress.org/changeset/2930523/embedpress#file28

www.wordfence.com/threat-intel/vulnerabilities/id/c1033b4d-82a0-4484-aebf-f35d6a2a9a13?source=cve

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.6%

JSON

Related for NVD:CVE-2023-3371

wpvulndb1 cve1 prion1 cvelist1 wordfence1