WordPress Plugin Vulnerabilities

TrustedLogin Vendor < 1.1.1 - Unauthenticated Information Disclosure

Description

The TrustedLogin Vendor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions prior to 1.1.1 (exclusive). This makes it possible for unauthenticated attackers to extract sensitive user or configuration data.

Affects Plugins

Plugin icon
vendor
Fixed in 1.1.1

References

CVE
CVE-2024-37270
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/bfa9a9f6-dfbb-442c-af2c-af3d44e7b0f1

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Dhabaleshwar Das
Verified
No
WPVDB ID
03042476-720a-4ae0-819c-652b14d3dee6

Timeline

Publicly Published
2024-06-27 (about 1 year ago)
Added
2024-07-03 (about 1 year ago)
Last Updated
2024-07-03 (about 1 year ago)

Other

Published
Title
Published
2026-01-27
Title
JobBoard Job listing <= 1.2.8 - Unauthenticated Information Exposure
Published
2025-04-07
Title
GreenPay(tm) by Green.Money 3.0.0 - 3.0.9 - Unauthenticated Information Exposure
Published
2025-01-24
Title
WooCommerce Quick View < 1.1.3 - Unauthenticated Information Disclosure
Published
2024-10-11
Title
Elementor Addon Elements < 1.13.9 - Authenticated (Contributor+) Sensitive Information Exposure via table_saved_sections
Published
2025-05-16
Title
Plant - Gardening & Houseplants WordPress Theme <= 1.0.0 - Unauthenticated Information Exposure