CVE-2024-3679 (GCVE-0-2024-3679)

Vulnerability from cvelistv5 – Published: 2024-08-29 12:31 – Updated: 2024-08-29 13:16
VLAI?
Title
Premium SEO Pack – WP SEO Plugin <= 1.6.001 - Unauthenticated Information Exposure
Summary
The Premium SEO Pack – WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.001. This makes it possible for unauthenticated attackers to view limited information from password protected posts through the social meta data.
Severity ?
5.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE
Assigner
References
Impacted products
Vendor Product Version
calinvingan Premium SEO Pack – WP SEO Plugin Affected: * , ≤ 1.6.001 (semver)
Create a notification for this product.
Credits
Krzysztof Zając
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:calinvingan:premium_seo_pack_wp_seo_plugin:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "premium_seo_pack_wp_seo_plugin",
            "vendor": "calinvingan",
            "versions": [
              {
                "lessThanOrEqual": "1.6.001",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3679",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-29T13:12:05.809827Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-29T13:16:08.799Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Premium SEO Pack \u2013 WP SEO Plugin",
          "vendor": "calinvingan",
          "versions": [
            {
              "lessThanOrEqual": "1.6.001",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Krzysztof Zaj\u0105c"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Premium SEO Pack \u2013 WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.001. This makes it possible for unauthenticated attackers to view limited information from password protected posts through the social meta data."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Information Exposure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-29T12:31:10.777Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ccb65de5-bfb5-47db-87c9-ad46e65924b8?source=cve"
        },
        {
          "url": "https://wordpress.org/plugins/premium-seo-pack/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-08-28T00:00:00.000+00:00",
          "value": "Disclosed"
        }
      ],
      "title": "Premium SEO Pack \u2013 WP SEO Plugin \u003c= 1.6.001 - Unauthenticated Information Exposure"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-3679",
    "datePublished": "2024-08-29T12:31:10.777Z",
    "dateReserved": "2024-04-11T20:10:17.271Z",
    "dateUpdated": "2024-08-29T13:16:08.799Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:squirrly:wp_seo_plugin:*:*:*:*:*:wordpress:*:*\", \"versionEndIncluding\": \"1.6.001\", \"matchCriteriaId\": \"63091E93-A53F-4325-B0B3-DCD10910A069\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Premium SEO Pack \\u2013 WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.001. This makes it possible for unauthenticated attackers to view limited information from password protected posts through the social meta data.\"}, {\"lang\": \"es\", \"value\": \"El complemento Premium SEO Pack \\u2013 WP SEO Plugin para WordPress es vulnerable a la exposici\\u00f3n de informaci\\u00f3n confidencial en todas las versiones hasta la 1.6.001 incluida. Esto permite que atacantes no autenticados vean informaci\\u00f3n limitada de publicaciones protegidas con contrase\\u00f1a a trav\\u00e9s de los metadatos sociales.\"}]",
      "id": "CVE-2024-3679",
      "lastModified": "2024-09-19T22:10:25.747",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security@wordfence.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2024-08-29T13:15:06.627",
      "references": "[{\"url\": \"https://wordpress.org/plugins/premium-seo-pack/\", \"source\": \"security@wordfence.com\", \"tags\": [\"Product\"]}, {\"url\": \"https://www.wordfence.com/threat-intel/vulnerabilities/id/ccb65de5-bfb5-47db-87c9-ad46e65924b8?source=cve\", \"source\": \"security@wordfence.com\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "security@wordfence.com",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"security@wordfence.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-3679\",\"sourceIdentifier\":\"security@wordfence.com\",\"published\":\"2024-08-29T13:15:06.627\",\"lastModified\":\"2024-09-19T22:10:25.747\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Premium SEO Pack \u2013 WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.001. This makes it possible for unauthenticated attackers to view limited information from password protected posts through the social meta data.\"},{\"lang\":\"es\",\"value\":\"El complemento Premium SEO Pack \u2013 WP SEO Plugin para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 1.6.001 incluida. Esto permite que atacantes no autenticados vean informaci\u00f3n limitada de publicaciones protegidas con contrase\u00f1a a trav\u00e9s de los metadatos sociales.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@wordfence.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@wordfence.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squirrly:wp_seo_plugin:*:*:*:*:*:wordpress:*:*\",\"versionEndIncluding\":\"1.6.001\",\"matchCriteriaId\":\"63091E93-A53F-4325-B0B3-DCD10910A069\"}]}]}],\"references\":[{\"url\":\"https://wordpress.org/plugins/premium-seo-pack/\",\"source\":\"security@wordfence.com\",\"tags\":[\"Product\"]},{\"url\":\"https://www.wordfence.com/threat-intel/vulnerabilities/id/ccb65de5-bfb5-47db-87c9-ad46e65924b8?source=cve\",\"source\":\"security@wordfence.com\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"providerMetadata\": {\"orgId\": \"b15e7b5b-3da4-40ae-a43c-f7aa60e62599\", \"shortName\": \"Wordfence\", \"dateUpdated\": \"2024-08-29T12:31:10.777Z\"}, \"affected\": [{\"vendor\": \"calinvingan\", \"product\": \"Premium SEO Pack \\u2013 WP SEO Plugin\", \"versions\": [{\"version\": \"*\", \"status\": \"affected\", \"lessThanOrEqual\": \"1.6.001\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The Premium SEO Pack \\u2013 WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.001. This makes it possible for unauthenticated attackers to view limited information from password protected posts through the social meta data.\"}], \"title\": \"Premium SEO Pack \\u2013 WP SEO Plugin \u003c= 1.6.001 - Unauthenticated Information Exposure\", \"references\": [{\"url\": \"https://www.wordfence.com/threat-intel/vulnerabilities/id/ccb65de5-bfb5-47db-87c9-ad46e65924b8?source=cve\"}, {\"url\": \"https://wordpress.org/plugins/premium-seo-pack/\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-200 Information Exposure\", \"cweId\": \"CWE-200\", \"type\": \"CWE\"}]}], \"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\"}}], \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Krzysztof Zaj\\u0105c\"}], \"timeline\": [{\"time\": \"2024-08-28T00:00:00.000+00:00\", \"lang\": \"en\", \"value\": \"Disclosed\"}]}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-3679\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-29T13:12:05.809827Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:calinvingan:premium_seo_pack_wp_seo_plugin:*:*:*:*:*:*:*:*\"], \"vendor\": \"calinvingan\", \"product\": \"premium_seo_pack_wp_seo_plugin\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"1.6.001\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-29T13:15:48.938Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-3679\", \"assignerOrgId\": \"b15e7b5b-3da4-40ae-a43c-f7aa60e62599\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"Wordfence\", \"dateReserved\": \"2024-04-11T20:10:17.271Z\", \"datePublished\": \"2024-08-29T12:31:10.777Z\", \"dateUpdated\": \"2024-08-29T13:16:08.799Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.