Search criteria
9 vulnerabilities found for wp_hardening by getastra
FKIE_CVE-2024-6641
Vulnerability from fkie_nvd - Published: 2024-09-18 06:15 - Updated: 2024-09-25 19:07
Severity ?
Summary
The WP Hardening – Fix Your WordPress Security plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 1.2.6. This is due to use of an incorrect regular expression within the "Stop User Enumeration" feature. This makes it possible for unauthenticated attackers to bypass intended security restrictions and expose site usernames.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| getastra | wp_hardening | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getastra:wp_hardening:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "545F3273-8672-4154-9B86-8AE9C206101C",
"versionEndExcluding": "1.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP Hardening \u2013 Fix Your WordPress Security plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 1.2.6. This is due to use of an incorrect regular expression within the \"Stop User Enumeration\" feature. This makes it possible for unauthenticated attackers to bypass intended security restrictions and expose site usernames."
},
{
"lang": "es",
"value": "El complemento WP Hardening \u2013 Fix Your WordPress Security para WordPress es vulnerable a la omisi\u00f3n de funciones de seguridad en todas las versiones hasta la 1.2.6 incluida. Esto se debe al uso de una expresi\u00f3n regular incorrecta dentro de la funci\u00f3n \"Detener enumeraci\u00f3n de usuarios\". Esto permite que atacantes no autenticados eludan las restricciones de seguridad previstas y expongan los nombres de usuario del sitio."
}
],
"id": "CVE-2024-6641",
"lastModified": "2024-09-25T19:07:40.013",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security@wordfence.com",
"type": "Secondary"
}
]
},
"published": "2024-09-18T06:15:02.490",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/3151308/wp-security-hardening"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7a52a278-1729-4027-8a00-e9804fa6698b?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-185"
}
],
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-697"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-24372
Vulnerability from fkie_nvd - Published: 2021-06-21 20:15 - Updated: 2024-11-21 05:52
Severity ?
Summary
The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the $_SERVER['REQUEST_URI'] before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue.
References
| URL | Tags | ||
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/5340ae4e-95ba-4a69-beb1-3459cac17782 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/5340ae4e-95ba-4a69-beb1-3459cac17782 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| getastra | wp_hardening | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getastra:wp_hardening:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "EEA08B71-C033-43A6-9368-16CFB3218BAA",
"versionEndExcluding": "1.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP Hardening \u2013 Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the $_SERVER[\u0027REQUEST_URI\u0027] before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue."
},
{
"lang": "es",
"value": "El plugin WP Hardening \u00e2\u20ac\u201c Fix Your WordPress Security WordPress versiones anteriores a 1.2.2, no saneaba o escapaba el par\u00e1metro $_SERVER[\"REQUEST_URI\"] antes de mostrarlo en un atributo, conllevando a un problema de tipo Cross-Site Scripting reflejado"
}
],
"id": "CVE-2021-24372",
"lastModified": "2024-11-21T05:52:56.223",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-21T20:15:08.827",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/5340ae4e-95ba-4a69-beb1-3459cac17782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/5340ae4e-95ba-4a69-beb1-3459cac17782"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "contact@wpscan.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-24373
Vulnerability from fkie_nvd - Published: 2021-06-21 20:15 - Updated: 2024-11-21 05:52
Severity ?
Summary
The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the historyvalue GET parameter before outputting it in a Javascript block, leading to a reflected Cross-Site Scripting issue.
References
| URL | Tags | ||
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/fcf17278-609f-4f75-8a87-9b4579dee1c8 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/fcf17278-609f-4f75-8a87-9b4579dee1c8 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| getastra | wp_hardening | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getastra:wp_hardening:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "EEA08B71-C033-43A6-9368-16CFB3218BAA",
"versionEndExcluding": "1.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP Hardening \u2013 Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the historyvalue GET parameter before outputting it in a Javascript block, leading to a reflected Cross-Site Scripting issue."
},
{
"lang": "es",
"value": "El plugin WP Hardening \u00e2\u20ac\u201c Fix Your WordPress Security WordPress versiones anteriores a 1.2.2 no saneaba o escapaba el par\u00e1metro historyvalue GET antes de emitirlo en un bloque Javascript, conllevando a un problema de tipo Cross-Site Scripting reflejado"
}
],
"id": "CVE-2021-24373",
"lastModified": "2024-11-21T05:52:56.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-21T20:15:08.900",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/fcf17278-609f-4f75-8a87-9b4579dee1c8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/fcf17278-609f-4f75-8a87-9b4579dee1c8"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "contact@wpscan.com",
"type": "Secondary"
}
]
}
CVE-2024-6641 (GCVE-0-2024-6641)
Vulnerability from cvelistv5 – Published: 2024-09-18 05:31 – Updated: 2024-09-18 15:04
VLAI?
Title
WP Hardening – Fix Your WordPress Security <= 1.2.6 - Unauthenticated Security Feature Bypass to Username Enumeration
Summary
The WP Hardening – Fix Your WordPress Security plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 1.2.6. This is due to use of an incorrect regular expression within the "Stop User Enumeration" feature. This makes it possible for unauthenticated attackers to bypass intended security restrictions and expose site usernames.
Severity ?
5.3 (Medium)
CWE
- CWE-185 - Incorrect Regular Expression
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| astrasecuritysuite | WP Hardening (discontinued) |
Affected:
* , ≤ 1.2.6
(semver)
|
Credits
Felipe Caon
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:getastra:wp_hardening:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "wp_hardening",
"vendor": "getastra",
"versions": [
{
"lessThanOrEqual": "1.2.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6641",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T15:01:44.858232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T15:04:25.453Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP Hardening (discontinued)",
"vendor": "astrasecuritysuite",
"versions": [
{
"lessThanOrEqual": "1.2.6",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Felipe Caon"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Hardening \u2013 Fix Your WordPress Security plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 1.2.6. This is due to use of an incorrect regular expression within the \"Stop User Enumeration\" feature. This makes it possible for unauthenticated attackers to bypass intended security restrictions and expose site usernames."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-185",
"description": "CWE-185 Incorrect Regular Expression",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T05:31:13.844Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7a52a278-1729-4027-8a00-e9804fa6698b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3151308/wp-security-hardening"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-10T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2024-09-17T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "WP Hardening \u2013 Fix Your WordPress Security \u003c= 1.2.6 - Unauthenticated Security Feature Bypass to Username Enumeration"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-6641",
"datePublished": "2024-09-18T05:31:13.844Z",
"dateReserved": "2024-07-10T00:52:55.526Z",
"dateUpdated": "2024-09-18T15:04:25.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24373 (GCVE-0-2021-24373)
Vulnerability from cvelistv5 – Published: 2021-06-21 19:18 – Updated: 2024-08-03 19:28
VLAI?
Title
WP Hardening < 1.2.2 - Reflected XSS via historyvalue
Summary
The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the historyvalue GET parameter before outputting it in a Javascript block, leading to a reflected Cross-Site Scripting issue.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WP Hardening – Fix Your WordPress Security |
Affected:
1.2.2 , < 1.2.2
(custom)
|
Credits
dc11
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/fcf17278-609f-4f75-8a87-9b4579dee1c8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Hardening \u2013 Fix Your WordPress Security",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.2.2",
"status": "affected",
"version": "1.2.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "dc11"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Hardening \u2013 Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the historyvalue GET parameter before outputting it in a Javascript block, leading to a reflected Cross-Site Scripting issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-21T19:18:20",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/fcf17278-609f-4f75-8a87-9b4579dee1c8"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WP Hardening \u003c 1.2.2 - Reflected XSS via historyvalue",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24373",
"STATE": "PUBLIC",
"TITLE": "WP Hardening \u003c 1.2.2 - Reflected XSS via historyvalue"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Hardening \u2013 Fix Your WordPress Security",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.2.2",
"version_value": "1.2.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "dc11"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Hardening \u2013 Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the historyvalue GET parameter before outputting it in a Javascript block, leading to a reflected Cross-Site Scripting issue."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/fcf17278-609f-4f75-8a87-9b4579dee1c8",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/fcf17278-609f-4f75-8a87-9b4579dee1c8"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24373",
"datePublished": "2021-06-21T19:18:20",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:28:23.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24372 (GCVE-0-2021-24372)
Vulnerability from cvelistv5 – Published: 2021-06-21 19:18 – Updated: 2024-08-03 19:28
VLAI?
Title
WP Hardening < 1.2.2 - Reflected XSS via URI
Summary
The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the $_SERVER['REQUEST_URI'] before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WP Hardening – Fix Your WordPress Security |
Affected:
1.2.2 , < 1.2.2
(custom)
|
Credits
dc11
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.783Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/5340ae4e-95ba-4a69-beb1-3459cac17782"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Hardening \u2013 Fix Your WordPress Security",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.2.2",
"status": "affected",
"version": "1.2.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "dc11"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Hardening \u2013 Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the $_SERVER[\u0027REQUEST_URI\u0027] before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-21T19:18:19",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/5340ae4e-95ba-4a69-beb1-3459cac17782"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WP Hardening \u003c 1.2.2 - Reflected XSS via URI",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24372",
"STATE": "PUBLIC",
"TITLE": "WP Hardening \u003c 1.2.2 - Reflected XSS via URI"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Hardening \u2013 Fix Your WordPress Security",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.2.2",
"version_value": "1.2.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "dc11"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Hardening \u2013 Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the $_SERVER[\u0027REQUEST_URI\u0027] before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/5340ae4e-95ba-4a69-beb1-3459cac17782",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/5340ae4e-95ba-4a69-beb1-3459cac17782"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24372",
"datePublished": "2021-06-21T19:18:19",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:28:23.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6641 (GCVE-0-2024-6641)
Vulnerability from nvd – Published: 2024-09-18 05:31 – Updated: 2024-09-18 15:04
VLAI?
Title
WP Hardening – Fix Your WordPress Security <= 1.2.6 - Unauthenticated Security Feature Bypass to Username Enumeration
Summary
The WP Hardening – Fix Your WordPress Security plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 1.2.6. This is due to use of an incorrect regular expression within the "Stop User Enumeration" feature. This makes it possible for unauthenticated attackers to bypass intended security restrictions and expose site usernames.
Severity ?
5.3 (Medium)
CWE
- CWE-185 - Incorrect Regular Expression
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| astrasecuritysuite | WP Hardening (discontinued) |
Affected:
* , ≤ 1.2.6
(semver)
|
Credits
Felipe Caon
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:getastra:wp_hardening:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "wp_hardening",
"vendor": "getastra",
"versions": [
{
"lessThanOrEqual": "1.2.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6641",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T15:01:44.858232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T15:04:25.453Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP Hardening (discontinued)",
"vendor": "astrasecuritysuite",
"versions": [
{
"lessThanOrEqual": "1.2.6",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Felipe Caon"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Hardening \u2013 Fix Your WordPress Security plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 1.2.6. This is due to use of an incorrect regular expression within the \"Stop User Enumeration\" feature. This makes it possible for unauthenticated attackers to bypass intended security restrictions and expose site usernames."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-185",
"description": "CWE-185 Incorrect Regular Expression",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T05:31:13.844Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7a52a278-1729-4027-8a00-e9804fa6698b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3151308/wp-security-hardening"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-10T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2024-09-17T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "WP Hardening \u2013 Fix Your WordPress Security \u003c= 1.2.6 - Unauthenticated Security Feature Bypass to Username Enumeration"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-6641",
"datePublished": "2024-09-18T05:31:13.844Z",
"dateReserved": "2024-07-10T00:52:55.526Z",
"dateUpdated": "2024-09-18T15:04:25.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24373 (GCVE-0-2021-24373)
Vulnerability from nvd – Published: 2021-06-21 19:18 – Updated: 2024-08-03 19:28
VLAI?
Title
WP Hardening < 1.2.2 - Reflected XSS via historyvalue
Summary
The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the historyvalue GET parameter before outputting it in a Javascript block, leading to a reflected Cross-Site Scripting issue.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WP Hardening – Fix Your WordPress Security |
Affected:
1.2.2 , < 1.2.2
(custom)
|
Credits
dc11
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/fcf17278-609f-4f75-8a87-9b4579dee1c8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Hardening \u2013 Fix Your WordPress Security",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.2.2",
"status": "affected",
"version": "1.2.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "dc11"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Hardening \u2013 Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the historyvalue GET parameter before outputting it in a Javascript block, leading to a reflected Cross-Site Scripting issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-21T19:18:20",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/fcf17278-609f-4f75-8a87-9b4579dee1c8"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WP Hardening \u003c 1.2.2 - Reflected XSS via historyvalue",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24373",
"STATE": "PUBLIC",
"TITLE": "WP Hardening \u003c 1.2.2 - Reflected XSS via historyvalue"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Hardening \u2013 Fix Your WordPress Security",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.2.2",
"version_value": "1.2.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "dc11"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Hardening \u2013 Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the historyvalue GET parameter before outputting it in a Javascript block, leading to a reflected Cross-Site Scripting issue."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/fcf17278-609f-4f75-8a87-9b4579dee1c8",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/fcf17278-609f-4f75-8a87-9b4579dee1c8"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24373",
"datePublished": "2021-06-21T19:18:20",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:28:23.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24372 (GCVE-0-2021-24372)
Vulnerability from nvd – Published: 2021-06-21 19:18 – Updated: 2024-08-03 19:28
VLAI?
Title
WP Hardening < 1.2.2 - Reflected XSS via URI
Summary
The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the $_SERVER['REQUEST_URI'] before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WP Hardening – Fix Your WordPress Security |
Affected:
1.2.2 , < 1.2.2
(custom)
|
Credits
dc11
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.783Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/5340ae4e-95ba-4a69-beb1-3459cac17782"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Hardening \u2013 Fix Your WordPress Security",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.2.2",
"status": "affected",
"version": "1.2.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "dc11"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Hardening \u2013 Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the $_SERVER[\u0027REQUEST_URI\u0027] before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-21T19:18:19",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/5340ae4e-95ba-4a69-beb1-3459cac17782"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WP Hardening \u003c 1.2.2 - Reflected XSS via URI",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24372",
"STATE": "PUBLIC",
"TITLE": "WP Hardening \u003c 1.2.2 - Reflected XSS via URI"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Hardening \u2013 Fix Your WordPress Security",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.2.2",
"version_value": "1.2.2"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "dc11"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Hardening \u2013 Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the $_SERVER[\u0027REQUEST_URI\u0027] before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/5340ae4e-95ba-4a69-beb1-3459cac17782",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/5340ae4e-95ba-4a69-beb1-3459cac17782"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24372",
"datePublished": "2021-06-21T19:18:19",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:28:23.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}