cbcvebase.
CVE-2024-33575
published 2024-04-29

CVE-2024-33575: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in User Meta user-meta.This issue affects User Meta: from n/a through 3.0.

PriorityP277medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
1.12%
62.1th percentile
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in User Meta user-meta.This issue affects User Meta: from n/a through 3.0.

Affected

1 ranges
VendorProductVersion rangeFixed in
user_metauser_metan/a – 3.0

Detection & IOCsextracted from sources · hover to see the quote

bytes
4b0a00483046022100aeaa86314d4dc52f4a090231e0fdc7ff36ce9d6cb7a324d18819a03f77e225110221008cdacfd80d8625832122b59c2e28b3e9d9e00c2287fbe81605999a5223eb22c8:922c64590222798bb761d5b6d8e72950
  • ·Vulnerability affects User Meta plugin versions from n/a through 3.0; patch or update beyond 3.0 to remediate.

CVSS provenance

nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
vulncheck5.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.