Insertion of Sensitive Information Into Sent Data

CVE-2024-37881

Medium

5.3/10

Summary

SiteGuard WP Plugin provides a functionality to customize the path to the login page wp-login.php and implements a measure to avoid redirection from other URLs. However, SiteGuard WP Plugin versions prior to 1.7.7 missed to implement a measure to avoid redirection from wp-register.php. As a result, the customized path to the login page may be exposed.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-201 - Insertion of Sensitive Information Into Sent Data

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

References

Advisory Timeline

Published Jun 19, 2024

Insertion of Sensitive Information Into Sent Data

CVE-2024-37881

Summary

CWE-201 - Insertion of Sensitive Information Into Sent Data

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS