CVE-2024-12041

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-359
View all →

Vulnerability Description

The Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.0.12 via the /wp-json/directorist/v1/users/ endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including including usernames, email addresses, names, and more information about users.

Related Vulnerabilities

CVE-2017-16769

MEDIUM
CVSS:5.3(Medium)

Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mod...

CWE-3592017

CVE-2019-15623

MEDIUM
CVSS:5.3(Medium)

Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled...

CWE-3592019

CVE-2021-21823

MEDIUM
CVSS:5.3(Medium)

An information disclosure vulnerability exists in the Friend finder functionality of GmbH Komoot version 10.26.9 up to 11.1.11. A specially crafted series of network requests can lead to the disclosur...

CWE-3592021

CVE-2021-22876

MEDIUM
CVSS:5.3(Medium)

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip of...

CWE-3592021

CVE-2021-28559

MEDIUM
CVSS:5.3(Medium)

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Information Exposure vulnerability. An unauthenticate...

CWE-3592021

CVE-2021-3980

MEDIUM
CVSS:5.3(Medium)

elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor

CWE-3592021