WordPress Plugin Vulnerabilities

All In One WP Security & Firewall < 5.1.3 - Configuration Leak

Description

The plugin leaked settings of the plugin publicly, including the used email address.

Proof of Concept

Affects Plugins

Plugin icon
all-in-one-wp-security-and-firewall
Fixed in 5.1.3

References

CVE
CVE-2022-4346

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Daniel Ruf
Submitter
Daniel Ruf
Submitter website
https://daniel-ruf.de
Verified
Yes
WPVDB ID
cc05f760-983d-4dc1-afbb-6b4965aa8abe

Timeline

Publicly Published
2022-12-27 (about 3 years ago)
Added
2022-12-27 (about 3 years ago)
Last Updated
2022-12-27 (about 3 years ago)

Other

Published
Title
Published
2025-10-14
Title
TempTool [Show Current Template Info] <= 1.3.1 - Authenticated (Contributor+) Information Exposure
Published
2024-08-20
Title
Flamix: Bitrix24 and Contact Form 7 integrations < 3.2.0 - Unauthenticated Full Path Disclosure
Published
2024-02-07
Title
PPWP – Password Protect Pages < 1.9.0 - Protection Mechanism Bypass
Published
2024-08-14
Title
Newsletters < 4.9.9.1 - Unauthenticated Full Path Disclosure
Published
2025-03-21
Title
GiveWP – Donation Plugin and Fundraising Platform < 3.22.2 - Authenticated (Subscriber+) Sensitive Information Exposure