2024-05-06 16:23:48 +00:00
id : CVE-2024-33575
info :
name : User Meta WP Plugin < 3.1 - Sensitive Information Exposure
author : Kazgangap
severity : medium
description : |
The User Meta is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0 via the /views/debug.php file. This makes it possible for unauthenticated attackers, with to extract sensitive configuration data.
remediation : Fixed in 3.1
reference :
- https://nvd.nist.gov/vuln/detail/CVE-2024-33575
- https://wpscan.com/vulnerability/3b75549c-3fc5-4e6f-84ae-264d8276bfb3/
- https://patchstack.com/database/vulnerability/user-meta/wordpress-user-meta-plugin-3-0-sensitive-data-exposure-vulnerability?_s_id=cve
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score : 5.3
cve-id : CVE-2024-33575
cwe-id : CWE-200
2024-05-31 19:23:20 +00:00
epss-score : 0.00053
epss-percentile : 0.21091
2024-05-06 16:23:48 +00:00
metadata :
2024-06-07 10:04:29 +00:00
max-request : 1
vendor : "User Meta"
product : "User Meta"
2024-05-06 16:23:48 +00:00
framework : wordpress
2024-06-07 10:04:29 +00:00
shodan-query : "http.html:/wp-content/plugins/user-meta/"
fofa-query : "body=/wp-content/plugins/user-meta/"
2024-05-06 18:31:23 +00:00
publicwww-query : "/wp-content/plugins/user-meta/"
2024-06-07 10:04:29 +00:00
tags : wpscan,cve,cve2024,user-meta,wordpress,wp-plugin,info-leak,User Meta
2024-05-06 16:23:48 +00:00
http :
- method : GET
path :
- "{{BaseURL}}/wp-content/plugins/user-meta/views/debug.php"
matchers :
- type : dsl
dsl :
2024-05-06 18:31:23 +00:00
- 'status_code == 200'
- 'contains(body, "um-debug<br/>")'
condition : and
2024-06-08 16:02:17 +00:00
# digest: 4a0a00473045022100a78c33e192853e8fcda0de18684d06e49ae77793a8e3ceea2344f78a9aa7137302203845d1d0be3f8a221e28560b7f7156739ffa43d6db8b4bd532cd3c798f94e5b1:922c64590222798bb761d5b6d8e72950
