Description

Acunetix determined that it was possible to access ImageResizer Diagnotics plugin without authentication.

Remediation

Restrict access to ImageResizer Diagnotics plugin

References

Diagnostics plugin

Related Vulnerabilities

Sensitive pages could be cached

HTTP verb tampering via POST

WordPress Plugin NextGEN Gallery-WordPress Gallery Information Disclosure (1.9.11)

Squid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-12529)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-5610)

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration