The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.3 via the 'leyka_ajax_get_env_and_options' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank API key and password, PayPal Client Secret, and more keys and passwords.
El complemento Leyka para WordPress es vulnerable a la Exposición de Información Sensible en versiones hasta la 3.30.3 inclusive a través de la función 'leyka_ajax_get_env_and_options'. Esto puede permitir a atacantes autenticados con permisos de nivel de suscriptor o superior extraer datos confidenciales, incluida la clave y contraseña de la API de Sberbank, el Secreto del Cliente de PayPal y más claves y contraseñas.
The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.7 via the 'leyka_ajax_get_env_and_options' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank API key and password, PayPal Client Secret, and more keys and passwords.
