PRIOn knowledge basePRION:CVE-2023-3371

HistoryJun 27, 2023 - 2:15 a.m.

Hardcoded credentials

2023-06-2702:15:00

PRIOn knowledge base

www.prio-n.com

hardcoded credentials

sensitive information exposure

wordpress vulnerability

encryption key

unauthenticated attackers

password protected content

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.6%

JSON

The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the ‘lock_content_form_handler’ and ‘display_password_form’ function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt and view the password protected content.

CPENameOperatorVersion
embedpressle3.7.3

CPE	Name	Operator	Version
	embedpress	le	3.7.3

References

plugins.trac.wordpress.org/browser/embedpress/tags/3.7.3/EmbedPress/Includes/Classes/Helper.php

plugins.trac.wordpress.org/browser/embedpress/tags/3.7.3/Gutenberg/block-backend/block-embedpress.php

plugins.trac.wordpress.org/changeset/2930523/embedpress

www.wordfence.com/threat-intel/vulnerabilities/id/c1033b4d-82a0-4484-aebf-f35d6a2a9a13?source=cve