What the vulnerability does
01Description
Insertion of Sensitive Information Into Sent Data vulnerability in bPlugins B Accordion b-accordion allows Retrieve Embedded Sensitive Data.This issue affects B Accordion: from n/a through <= 2.0.2.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
What the vulnerability does
Insertion of Sensitive Information Into Sent Data vulnerability in bPlugins B Accordion b-accordion allows Retrieve Embedded Sensitive Data.This issue affects B Accordion: from n/a through <= 2.0.2.
Explanation of Vulnerability in Simple Terms
B Accordion versions 2.0.2 and earlier contain an information disclosure vulnerability. An attacker with low-level site access can read sensitive data that should be restricted. The vulnerability requires network access and valid user credentials but no additional user interaction. Update to a version newer than 2.0.2 to resolve this issue.
What an attacker can do
Read sensitive data restricted to higher-privilege users.
Potential impact on your site
User data or configuration details may be exposed to authenticated attackers with basic permissions.
Conditions required to exploit
Attacker must have a low-level user account on the site.
Key dates
External resources
Related vulnerabilities