WordPress Plugin Vulnerabilities

Create by Mediavine < 1.9.9 - Unauthenticated Sensitive Information Exposure

Description

The plugin is vulnerable to Sensitive Information Exposure, allowing unauthenticated attackers to extract sensitive user or configuration data.

Affects Plugins

Plugin icon
mediavine-create
Fixed in 1.9.9

References

CVE
CVE-2024-43264
URL
https://patchstack.com/database/vulnerability/mediavine-create/wordpress-create-by-mediavine-plugin-1-9-7-sensitive-data-exposure-vulnerability

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Peng Zhou
Verified
No
WPVDB ID
732b0226-37a1-4dab-9997-9a3f536d1f80

Timeline

Publicly Published
2024-08-12 (about 1 year ago)
Added
2024-08-22 (about 1 year ago)
Last Updated
2024-09-03 (about 1 year ago)

Other

Published
Title
Published
2025-12-12
Title
Export WP Page to Static HTML & PDF < 5.0.0 - Unauthenticated Cookie Exposure via Log File
Published
2025-04-24
Title
Prevent Direct Access – Protect WordPress Files < 2.8.8.1 - Unauthenticated Sensitive Information Exposure
Published
2026-03-22
Title
Simple History < 5.24.1 - Unauthenticated Information Exposure
Published
2025-04-03
Title
TailPress <= 0.4.4 - Unauthenticated Sensitive Information Exposure
Published
2026-01-20
Title
Contact Form & Lead Form Elementor Builder < 2.0.2 - Authenticated (Subscriber+) Information Exposure