What the vulnerability does
01Description
Insertion of Sensitive Information Into Sent Data vulnerability in jetmonsters Getwid getwid allows Retrieve Embedded Sensitive Data.This issue affects Getwid: from n/a through <= 2.1.2.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
What the vulnerability does
Insertion of Sensitive Information Into Sent Data vulnerability in jetmonsters Getwid getwid allows Retrieve Embedded Sensitive Data.This issue affects Getwid: from n/a through <= 2.1.2.
Explanation of Vulnerability in Simple Terms
Getwid versions up to 2.1.2 expose sensitive information to authenticated users with low privileges. An attacker with a basic user account can read data they should not have access to. The vulnerability requires network access and an active login but does not require user interaction. Update to version 2.2.0 or later to resolve this issue.
What an attacker can do
Read sensitive information accessible only to higher-privilege users.
Potential impact on your site
User data or site configuration details may be exposed to basic authenticated users.
Conditions required to exploit
Attacker must have a low-privilege user account on the site.
Key dates
External resources