What the vulnerability does
01Description
Insertion of Sensitive Information Into Sent Data vulnerability in Themeum Qubely qubely allows Retrieve Embedded Sensitive Data.This issue affects Qubely: from n/a through <= 1.8.14.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
What the vulnerability does
Insertion of Sensitive Information Into Sent Data vulnerability in Themeum Qubely qubely allows Retrieve Embedded Sensitive Data.This issue affects Qubely: from n/a through <= 1.8.14.
Explanation of Vulnerability in Simple Terms
Qubely versions up to 1.8.14 expose sensitive information to authenticated users with low privileges. An attacker with a basic user account can read data they should not have access to. The vulnerability requires login credentials but no additional user interaction. Update to a version newer than 1.8.14 to resolve this issue.
What an attacker can do
Read sensitive information accessible only to higher-privilege users.
Potential impact on your site
User data and site information may be exposed to any authenticated user, including subscribers or contributors.
Conditions required to exploit
Attacker must have a low-privilege user account on the site.
Key dates
External resources
Related vulnerabilities