Description

WordPress Plugin Jigoshop is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. WordPress Plugin Jigoshop version 1.17.9 is vulnerable; prior versions are also affected.

Remediation

Update to plugin version 1.17.10 or latest

References

https://wordpress.org/support/topic/jigoshop-vulnerability

http://osvdb.org/show/osvdb/99485

Related Vulnerabilities

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1000862)

WordPress Plugin ARPrice-Responsive Pricing Table Cross-Site Request Forgery (2.3)

WordPress Plugin ALO EasyMail Newsletter Multiple Vulnerabilities (2.6.00)

qdPM Code Execution Vulnerability (CVE-2015-3884)

Jboss EAP Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2017-2666)

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Information Disclosure