Description
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. WordPress Plugin All-In-One Security (AIOS)-Security and Firewall version 5.1.2 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 5.1.3 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:CC05F760-983D-4DC1-AFBB-6B4965AA8ABE
https://plugins.svn.wordpress.org/all-in-one-wp-security-and-firewall/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Quick Paypal Payments Security Bypass (5.7.21)
WordPress Plugin CYSTEME Finder, the admin files explorer Multiple Vulnerabilities (1.3)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-0800)
WordPress Plugin Viper's Video Quicktags Unspecified Vulnerability (6.4.4)