CVE-2024-33575
published 2024-04-29CVE-2024-33575: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in User Meta user-meta.This issue affects User Meta: from n/a through 3.0.
PriorityP277medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
1.12%
62.1th percentile
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in User Meta user-meta.This issue affects User Meta: from n/a through 3.0.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| user_meta | user_meta | n/a – 3.0 | — |
Detection & IOCsextracted from sources · hover to see the quote
bytes
4b0a00483046022100aeaa86314d4dc52f4a090231e0fdc7ff36ce9d6cb7a324d18819a03f77e225110221008cdacfd80d8625832122b59c2e28b3e9d9e00c2287fbe81605999a5223eb22c8:922c64590222798bb761d5b6d8e72950
- ·Vulnerability affects User Meta plugin versions from n/a through 3.0; patch or update beyond 3.0 to remediate. ↗
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
vulncheck5.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5xxc-3cwr-rgj7: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in User Meta user-meta
ghsa_unreviewed·2024-04-29
CVE-2024-33575 [MEDIUM] CWE-200 GHSA-5xxc-3cwr-rgj7: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in User Meta user-meta
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in User Meta user-meta.This issue affects User Meta: from n/a through 3.0.
VulnCheck
user-meta user_meta_user_profile_builder_and_user_management Exposure of Sensitive Information to an Unauthorized Actor
vulncheck·2024·CVSS 5.3
CVE-2024-33575 [MEDIUM] user-meta user_meta_user_profile_builder_and_user_management Exposure of Sensitive Information to an Unauthorized Actor
user-meta user_meta_user_profile_builder_and_user_management Exposure of Sensitive Information to an Unauthorized Actor
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in User Meta user-meta.This issue affects User Meta: from n/a through 3.0.
Affected: user-meta user_meta_user_profile_builder_and_user_management
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://cyble.com/blog/cyble-sensors-wordpress-plugins-network-devices/
No detection rules found.
Nuclei
User Meta WP Plugin < 3.1 - Sensitive Information Exposure
nuclei·CVSS 5.3
CVE-2024-33575 [MEDIUM] User Meta WP Plugin < 3.1 - Sensitive Information Exposure
User Meta WP Plugin ")'
condition: and
# digest: 4b0a00483046022100aeaa86314d4dc52f4a090231e0fdc7ff36ce9d6cb7a324d18819a03f77e225110221008cdacfd80d8625832122b59c2e28b3e9d9e00c2287fbe81605999a5223eb22c8:922c64590222798bb761d5b6d8e72950
2024-04-29
Published
Exploited in the wild