What the vulnerability does
01Description
Missing Authorization vulnerability in SecuPress SecuPress Free secupress.This issue affects SecuPress Free: from n/a through <= 2.2.5.3.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
What the vulnerability does
Missing Authorization vulnerability in SecuPress SecuPress Free secupress.This issue affects SecuPress Free: from n/a through <= 2.2.5.3.
Explanation of Vulnerability in Simple Terms
SecuPress Free versions up to 2.2.5.3 lack proper authorization checks, allowing unauthenticated attackers to access sensitive information. The vulnerability requires no user interaction and can be exploited over the network. Site administrators should update to a version newer than 2.2.5.3 to prevent unauthorized data exposure.
What an attacker can do
Read sensitive information without logging in.
Potential impact on your site
Attackers can view private data exposed by the plugin without needing a user account.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources