CVE-2022-1186
Be POPIA Compliant <= 1.1.5 - Sensitive Information Exposure
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3EPSS 1.1%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
19 Apr 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The WordPress plugin Be POPIA Compliant exposed sensitive information to unauthenticated users consisting of site visitors emails and usernames via an API route, in versions up to an including 1.1.5.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
bepopiacompliant · Be POPIA CompliantWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →