CVE-2024-2093

The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social meta tags. This makes it possible for unauthenticated attackers to view limited password protected content.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
WordfenceCNA
6.5 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
vektor-incvk_all_in_one_expansion_unit
𝑥
< 9.96.0.0
𝑥
= Vulnerable software versions
References
https://github.com/vektor-inc/vk-all-in-one-expansion-unit/pull/1072
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3050823%40vk-all-in-one-expansion-unit&new=3050823%40vk-all-in-one-expansion-unit&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/ea2b5dca-42a5-49d4-800d-b268572968a9?source=cve
https://github.com/vektor-inc/vk-all-in-one-expansion-unit/pull/1072
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3050823%40vk-all-in-one-expansion-unit&new=3050823%40vk-all-in-one-expansion-unit&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/ea2b5dca-42a5-49d4-800d-b268572968a9?source=cve