CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35776 – WordPress phpinfo() WP plugin <= 5.0 - Unauthenticated Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-35776
19 Jun 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exeebit phpinfo() WP.This issue affects phpinfo() WP: from n/a through 5.0. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Exeebit phpinfo() WP. Este problema afecta a phpinfo() WP: desde n/a hasta 5.0. The phpinfo() WP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.0. This makes it possible for unauthenticated attackers to extract s... • https://patchstack.com/database/vulnerability/phpinfo-wp/wordpress-phpinfo-wp-plugin-5-0-unauthenticated-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26542 – WordPress phpinfo() WP Plugin <= 4.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-26542
24 Feb 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Exeebit phpinfo() WP plugin <= 4.0 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Exeebit phpinfo() WP en versiones <=4.0. The phpinfo() WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0. This is due to missing nonce validation on the new_request() function. This makes it possible for unauthenticated attackers to trigger an .htaccess backup along with restoring and e... • https://patchstack.com/database/vulnerability/phpinfo-wp/wordpress-phpinfo-wp-plugin-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •