What the vulnerability does
Description
Insertion of Sensitive Information Into Sent Data vulnerability in Steve Burge TaxoPress simple-tags allows Retrieve Embedded Sensitive Data. This issue affects TaxoPress: from n/a through <= 3.37.2.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Explanation of Vulnerability in Simple Terms
TaxoPress versions up to 3.37.2 expose sensitive information to authenticated users. A logged-in user with low privileges can read data they should not have access to. The vulnerability requires an active user account but no special interaction. Update to a version newer than 3.37.2 to resolve this issue.
What an attacker can do
Read sensitive information accessible only to higher-privilege users.
Potential impact on your site
Authenticated users can access confidential data beyond their permission level.
Conditions required to exploit
Attacker must have a valid user account with low privileges on the site.
Key dates
External resources