CVE-2025-24582
Published 2025-01-24
CVE-2025-24582: Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Retrieve Embedded Sensitive…
Priority P3 | 34 | medium | 5.3 | CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EXPLOIT
EPSS: 0.93% (56.2th percentile)
Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Retrieve Embedded Sensitive Data. This issue affects 12 Step Meeting List: from n/a through <= 3.16.5.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aa_web_servant | 12_step_meeting_list | <= 3.16.5 | — |
No detection rules found.
Nuclei
12 Step Meeting List < 3.16.6 - Unauthenticated Sensitive Information Exposure
The 12 Step Meeting List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.16.5. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data via two AJAX endpoints: tsml_info and tsml_geocodes.
Template:
```yaml
id: CVE-2025-24582

info:
  name: 12 Step Meeting List < 3.16.6 - Unauthenticated Sensitive Information Exposure
  author: pussycat0x
  severity: medium
  description: |
    The 12 Step Meeting List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.16.5.This makes it possible for unauthenticated attackers to extract sensitive user or configuration data via two AJAX
```
No writeups or analysis indexed.
Published: 2025-01-24