CVE-2024-5880
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-5880 identifies a vulnerability in the Hide My Site plugin for WordPress, affecting all versions up to and including 2.2, which allows unauthenticated attackers to access sensitive information due to inadequate restrictions on the REST API when password protection is enabled. The potential risk includes unauthorized access to site data, posing a medium-level threat with a CVSS base score of 4.3 and a confidentiality impact rated as low. To remediate this vulnerability, users should update the plugin to the latest version that addresses this issue. The vulnerability requires no privileges or user interaction, and it has a low attack complexity, making it relatively easy for attackers to exploit. Organizations utilizing this plugin should prioritize updating their installations to mitigate potential data exposure risks.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.