WordPress Plugin Vulnerabilities

GravityForms < 2.4.9 - Hashed Password Leakage

Description

The gravityforms WordPress plugin was affected by a Hashed Password Leakage security vulnerability.

Affects Plugins

Plugin icon
gravityforms
Fixed in 2.4.9

References

CVE
CVE-2020-13764

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
2.7 (low)

Miscellaneous

Original Researcher
Jan van der Put and Harm Blankers of REQON Security
Verified
No
WPVDB ID
09a9ced9-ff06-42e3-964f-c51230a95e32

Timeline

Publicly Published
2019-05-08 (about 7 years ago)
Added
2020-06-03 (about 5 years ago)
Last Updated
2020-06-04 (about 5 years ago)

Other

Published
Title
Published
2026-01-22
Title
Integration for Contact Form 7 HubSpot < 1.4.4 - Authenticated (Subscriber+) Information Exposure
Published
2023-09-11
Title
WooCommerce < 8.1.1 - Shop Manager+ User Metadata Disclosure
Published
2024-02-20
Title
Error Log Viewer < 1.1.3 - Directory Listing to Sensitive Data Exposure
Published
2025-10-14
Title
Simple Job Board < 2.13.8 - Unauthenticated Sensitive Information Exposure
Published
2024-04-05
Title
Subscribe To Comments Reloaded < 240119 - Unauthenticated Sensitive Information Exposure