CVE-2020-9043
HIGH EXPLOITED NUCLEIwpCentral < 1.5.1 - Unauthenticated Sensitive Information Exposure via Connection Key Disclosure
Title source: llmExploitation Summary
CVE-2020-9043 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key.
Nuclei Templates (1)
WordPress wpCentral <1.5.1 - Information Disclosure
HIGHVERIFIEDby scent2d
References (3)
Core 3
Core References
Release Notes x_refsource_misc
https://wordpress.org/plugins/wp-central/#developers
Patch, Release Notes, Third Party Advisory x_refsource_misc
https://plugins.trac.wordpress.org/changeset?&old=2244363%40wp-central&new=2244363%40wp-central
Exploit, Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/10074
Scores
CVSS v3
8.8
EPSS
0.0817
EPSS Percentile
94.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2022-12-05
CWE
CWE-200
Status
published
Products (1)
wpcentral/wpcentral
< 1.5.1
Published
Feb 17, 2020
Tracked Since
Feb 18, 2026