What the vulnerability does
01Description
Subscriber Sensitive Data Exposure in WPPizza <= 3.19.9 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
What the vulnerability does
Subscriber Sensitive Data Exposure in WPPizza <= 3.19.9 versions.
Explanation of Vulnerability in Simple Terms
WPPizza versions up to 3.19.9 expose sensitive information to authenticated users with low privileges. An attacker with a basic user account can read data they should not have access to, such as configuration details or other users' information. Update to version 3.20.1 or later to resolve this issue.
What an attacker can do
Read sensitive data they should not have access to, such as configuration or other users' information.
Potential impact on your site
User account data and site configuration may be exposed to low-privilege users, risking privacy violations.
Conditions required to exploit
Attacker must have a low-privilege user account on the site (e.g., subscriber or customer role).
Key dates
External resources
Related vulnerabilities