CVE-2024-1076
Last modified
CVE-2024-1076 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. The SSL Zen WordPress plugin before 4.6.0 does not properly prevent directory listing of the private keys folder, as it only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who doesn't support .htaccess files, like NGINX.. EPSS estimates a 0.41% chance of exploitation in the next 30 days.
Description
The SSL Zen WordPress plugin before 4.6.0 does not properly prevent directory listing of the private keys folder, as it only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who doesn't support .htaccess files, like NGINX.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sslzen | Ssl Zen | < 4.6.0 |
References
- https://wpscan.com/vulnerability/9c3e9c72-3d6c-4e2c-bb8a-f4efce1371d5/Exploit, Third Party Advisory
- https://wpscan.com/vulnerability/9c3e9c72-3d6c-4e2c-bb8a-f4efce1371d5/Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-1076?
How severe is CVE-2024-1076?
How do I fix CVE-2024-1076?
Are you affected by CVE-2024-1076?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST