WordPress Plugin Vulnerabilities

VK All in One Expansion Unit < 9.96.0.0 - Unauthenticated Password Protected Content Access

Description

The plugin is vulnerable to Sensitive Information Exposure via social meta tags, allowing unauthenticated attackers to view limited password protected content.

Affects Plugins

Plugin icon
vk-all-in-one-expansion-unit
Fixed in 9.96.0.0

References

CVE
CVE-2024-2093
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/ea2b5dca-42a5-49d4-800d-b268572968a9

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Krzysztof Zając
Verified
No
WPVDB ID
67b0fb67-2136-40e3-bfb6-4366bc1a19d1

Timeline

Publicly Published
2024-03-26 (about 2 years ago)
Added
2024-03-26 (about 2 years ago)
Last Updated
2024-03-26 (about 2 years ago)

Other

Published
Title
Published
2025-10-14
Title
Simple Job Board < 2.13.8 - Unauthenticated Sensitive Information Exposure
Published
2023-06-08
Title
Metform Elementor Contact Form Builder < 3.3.2 - Multiple Subscriber+ Sensitive Information Disclosure Issues
Published
2024-10-09
Title
Keep Backup Daily <= 2.1.2 - Unauthenticated Information Disclosure
Published
2023-06-23
Title
MainWP Child < 4.4.1.2 - Sensitive File Disclosure
Published
2026-01-18
Title
Ninja Tables – Easy Data Table Builder < 5.2.6 - Authenticated (Contributor+) Information Exposure