CVE-2024-6641

Sažetak

The WP Hardening – Fix Your WordPress Security plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 1.2.6. This is due to use of an incorrect regular expression within the "Stop User Enumeration" feature. This makes it possible for unauthenticated attackers to bypass intended security restrictions and expose site usernames.

Reference

https://plugins.trac.wordpress.org/changeset/3151308/wp-security-hardening
https://www.wordfence.com/threat-intel/vulnerabilities/id/7a52a278-1729-4027-8a00-e9804fa6698b?source=cve

CVSS

Base:	5.3
Impact:	1.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Zadnje važnije ažuriranje

20-09-2024 - 12:30

Objavljeno

18-09-2024 - 06:15