SSL Zen <= 4.5.3 – Unauthenticated Private Keys Access | CVE 2024-1076

Description

The plugin does not properly prevent directory listing of the private keys folder, as it only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who doesn't support .htaccess files, like NGINX.

Proof of Concept

Install the plugin on a server that doesn't support .htaccess (e.g. NGINX), generate keys and browse to ./wp-content/plugins/ssl-zen/ssl_zen/keys.

Affects Plugins

ssl-zen

Fixed in 4.6.0

References

CVE

CVE-2024-1076

Classification

Type

AUTHBYPASS

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-287

CVSS

6.8 (medium)

Miscellaneous

Original Researcher

Krzysztof Zając (CERT PL)

Submitter

Krzysztof Zając (CERT PL)

Submitter website

https://cert.pl

Submitter twitter

cert_polska_en

Verified

Yes

WPVDB ID

9c3e9c72-3d6c-4e2c-bb8a-f4efce1371d5

Timeline

Publicly Published

2024-04-17 (about 1 year ago)

Added

2024-04-17 (about 1 year ago)

Last Updated

2024-08-30 (about 1 year ago)

Other

Published

Title

Published

2014-08-01

Title

All in One SEO Pack <= 2.1.5 - Unspecified Privilege Escalation

Published

2025-05-29

Title

Browse As <= 0.2 - Subscriber+ Authentication Bypass via Cookie

Published

2024-11-27

Title

Contest Gallery < 24.0.8 - Unauthenticated Arbitrary Password Reset

Published

2016-09-19

Title

Order Export Import for WooCommerce 1.0.8 - Order Information Disclosure

Published

2016-03-22

Title

OptinMonster <= 1.1.4.5 - Execution of Arbitrary Shortcodes