.. / CVE-2024-33575

Exploit for User Meta WP Plugin < 3.1 - Sensitive Information Exposure (CVE-2024-33575)

Description:

The User Meta is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0 via the /views/debug.php file. This makes it possible for unauthenticated attackers, with to extract sensitive configuration data.

Nuclei Template

View the template here CVE-2024-33575.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-33575.yaml
Copy

References:

https://patchstack.com/database/vulnerability/user-meta/wordpress-user-meta-plugin-3-0-sensitive-data-exposure-vulnerability?_s_id=cve
https://nvd.nist.gov/vuln/detail/CVE-2024-33575
https://wpscan.com/vulnerability/3b75549c-3fc5-4e6f-84ae-264d8276bfb3/