Lucene search

WpvulndbWPVDB-ID:3D205DFD-4D0D-48C4-82CF-0EA844C54D41

HistoryApr 09, 2024 - 12:00 a.m.

WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score < 7.1.0 - Sensitive Information Exposure via insufficiently protected files

2024-04-0900:00:00

wpscan.com

wp encryption

ssl

https redirect

vulnerability

sensitive information exposure

private key files

tls certificate

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

Description The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0 via exposed Private key files. This makes it possible for unauthenticated attackers to extract sensitive data including TLS Certificate Private Keys

CPENameOperatorVersion
eq7.1.0

CPE	Name	Operator	Version
		eq	7.1.0

References

www.wordfence.com/threat-intel/vulnerabilities/id/7ab99751-24b7-41db-8a27-d86eda3eeee5

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for WPVDB-ID:3D205DFD-4D0D-48C4-82CF-0EA844C54D41