Description Preview
The SSL Zen WordPress plugin versions less than 4.6.0 do not properly prevent directory listing of the private keys folder. The plugin relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys. However, if the site is running on a server that doesn't support .htaccess files, like NGINX, an attacker can read these private keys. This vulnerability is classified as CWE-548, Exposure of Information Through Directory Listing, and has a CVSS v3.1 base score of 6.5, indicating a medium severity level.
Overview
CVE-2024-1076 is a vulnerability in the SSL Zen WordPress plugin versions less than 4.6.0. The vulnerability is due to the plugin's improper handling of directory listing of the private keys folder. This vulnerability was discovered by Krzysztof Zająć from CERT PL and coordinated by WPScan.
Remediation
Users of the SSL Zen WordPress plugin are advised to update to version 4.6.0 or later, which contains a fix for this vulnerability. If updating is not immediately possible, users should consider implementing server-level protections to prevent directory listing, especially if the server does not support .htaccess files.
References
Industry ExposureMost to leastThis section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
- Accommodation & Food ServicesAccommodation & Food Services
- Administrative, Support, Waste Management & Remediation ServicesAdministrative, Support, Waste Management & Remediation Services
- Agriculture, Forestry Fishing & HuntingAgriculture, Forestry Fishing & Hunting
- Arts, Entertainment & RecreationArts, Entertainment & Recreation
- ConstructionConstruction
- Educational ServicesEducational Services
- Finance and InsuranceFinance and Insurance
- Health Care & Social AssistanceHealth Care & Social Assistance
- InformationInformation
- Management of Companies & EnterprisesManagement of Companies & Enterprises
- ManufacturingManufacturing
- MiningMining
- Other Services (except Public Administration)Other Services (except Public Administration)
- Professional, Scientific, & Technical ServicesProfessional, Scientific, & Technical Services
- Public AdministrationPublic Administration
- Real Estate Rental & LeasingReal Estate Rental & Leasing
- Retail TradeRetail Trade
- Transportation & WarehousingTransportation & Warehousing
- UtilitiesUtilities
- Wholesale TradeWholesale Trade
