CVE-2023-7046

The WP Encryption  One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0 via exposed Private key files. This makes it possible for unauthenticated attackers to extract sensitive data including TLS Certificate Private Keys
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
WordfenceCNA
7.5 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
gowebsmartywp-encryption
𝑥
≤ 7.0
𝑥
= Vulnerable software versions
References
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3066915%40wp-letsencrypt-ssl&new=3066915%40wp-letsencrypt-ssl&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/7ab99751-24b7-41db-8a27-d86eda3eeee5?source=cve
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3066915%40wp-letsencrypt-ssl&new=3066915%40wp-letsencrypt-ssl&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/7ab99751-24b7-41db-8a27-d86eda3eeee5?source=cve