CVE-2024-2093

Published: Apr 9, 2024Modified: Apr 8, 2026

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social meta tags. This makes it possible for unauthenticated attackers to view limited password protected content.

Affected (1)

Products: Vektor Inc: Vk All In One Expansion Unit

1 product

Vk All In One Expansion Unit

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Vektor Inc Vk All In One Expansion Unit	Before 9.96.0.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

https://github.com/vektor-inc/vk-all-in-one-expansion-unit/pull/1072

Source: security@wordfence.com

Issue TrackingVendor Advisory

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3050823%40vk-all-in-one-expansion-unit&new=3050823%40vk-all-in-one-expansion-unit&sfp_email=&sfph_mail=

Source: security@wordfence.com

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/ea2b5dca-42a5-49d4-800d-b268572968a9?source=cve

Source: security@wordfence.com

Third Party Advisory

https://github.com/vektor-inc/vk-all-in-one-expansion-unit/pull/1072

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3050823%40vk-all-in-one-expansion-unit&new=3050823%40vk-all-in-one-expansion-unit&sfp_email=&sfph_mail=

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/ea2b5dca-42a5-49d4-800d-b268572968a9?source=cve

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.