WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score < 7.1.0 – Sensitive Information Exposure via insufficiently protected files | CVE 2023-7046 | Plugin Vulnerabilities

Description

The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0 via exposed Private key files. This makes it possible for unauthenticated attackers to extract sensitive data including TLS Certificate Private Keys

Affects Plugins

wp-letsencrypt-ssl

Fixed in 7.1.0

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/7ab99751-24b7-41db-8a27-d86eda3eeee5

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

Krzysztof Zając

Verified

No

WPVDB ID

3d205dfd-4d0d-48c4-82cf-0ea844c54d41

Timeline

Publicly Published

2024-04-09 (about 2 years ago)

Added

2024-04-09 (about 2 years ago)

Last Updated

2024-04-09 (about 2 years ago)

Other

Published

Title

Published

2025-03-07

Title

Print Invoice & Delivery Notes for WooCommerce < 5.5.0 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory

Published

2025-12-26

Title

Booking Ultra Pro <= 1.1.23 - Authenticated (Subscriber+) Information Exposure

Published

2024-06-20

Title

WishList Member X < 3.26.7 - Unauthenticated Information Exposure

Published

2024-10-30

Title

Stacks Mobile App Builder <= 5.2.3 - Unauthenticated Sensitive Information Disclosure

Published

2023-10-16

Title

Front End PM < 11.4.3 - Sensitive Data Exposure via Directory Listing