Description

Acunetix determined that it was possible to access ImageResizer Diagnotics plugin without authentication.

Remediation

Restrict access to ImageResizer Diagnotics plugin

References

Diagnostics plugin

Related Vulnerabilities

WordPress Plugin WP Activity Log Information Disclosure (3.1.1)

Apache Tomcat version older than 6.0.36

ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-2086)

WordPress Plugin Contact Form 7 Database Information Disclosure (1.3)

WordPress Plugin WP Import Export Lite Information Disclosure (3.9.15)

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration