BoldGrid Easy SEO – Simple and Effective SEO < 1.6.15 – Information Exposure | CVE 2024-2950 | Plugin Vulnerabilities

Description

The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.14 via meta information (og:description) This makes it possible for unauthenticated attackers to view the first 130 characters of a password protected post which can contain sensitive information.

Affects Plugins

boldgrid-easy-seo

Fixed in 1.6.15

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/d502e617-a59f-4385-b050-3702a1b1ed7e

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

Krzysztof Zając

Verified

No

WPVDB ID

27bc00bb-3ce3-403a-a834-3b9ef3139e03

Timeline

Publicly Published

2024-04-05 (about 2 years ago)

Added

2024-04-05 (about 2 years ago)

Last Updated

2024-04-05 (about 2 years ago)

Other

Published

Title

Published

2024-11-28

Title

Content Audit Exporter <= 1.1 - Unauthenticated Sensitive Information Exposure

Published

2025-01-03

Title

Post/Page Copying Tool < 2.0.1 - Unauthenticated Sensitive Information Exposure

Published

2020-08-20

Title

Advanced Access Manager < 6.6.2 - Authenticated Information Disclosure

Published

2021-01-28

Title

uListing < 1.7 - Unauthenticated Information Disclosure

Published

2025-11-10

Title

Shelf Planner <= 2.7.0 - Unauthenticated Information Exposure via Log Files