CVE-2020-9043
published 2020-02-17

CVE-2020-9043: The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key.

Priority: P2 · 75 · high
CVSS 3.1: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 8.17% (94.2th percentile)

Affected

1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wpcentral | wpcentral | < 1.5.1 | 1.5.1 |

Detection & IOCs (extracted from sources)

regex: WordPress wpCentral ([a-z0-9]+)
  • Extract the wpCentral connection key from the response body by matching the regex pattern for 'WordPress wpCentral' followed by an alphanumeric token — this token is the disclosed connection key.
  • Extract the WordPress nonce from the response body using the '_wpnonce=' parameter pattern; this nonce is used as part of the exploit chain to retrieve the connection key.
  • The exploit targets the body of a WordPress page response (part: body), indicating the connection key is leaked in unauthenticated or low-privilege HTTP responses.
  • The vulnerability affects wpCentral plugin versions before 1.5.1; ensure detection rules are scoped to installations running versions prior to 1.5.1.
  • The two regex extractions (connection key and nonce) are marked 'internal: true', meaning they are intermediate extraction steps in a multi-stage detection template, not standalone indicators; both values must be chained together to confirm exploitation.

CVSS provenance

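| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| vulncheck | | 8.8 | HIGH | |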