CVE-2024-13773
HIGHDescription
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded credentials. This makes it possible for unauthenticated attackers to extract sensitive data including LinkedIn client and secret keys.
Is your site exposed to CVE-2024-13773?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| uxper | civi |
References
Frequently Asked Questions
What is CVE-2024-13773? +
How severe is CVE-2024-13773? +
What products are affected by CVE-2024-13773? +
How do I check if I'm vulnerable to CVE-2024-13773? +
Related Vulnerabilities
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, crates/appauth/src/token.rs ships a 2048-bit RSA private key …
Kasa EC71 v4 and EC70 v4 firmware contains a static cryptographic private key stored in a read-only filesystem that is …
This vulnerability exists in e-Sushrut due to disclosure of sensitive information and hardcoded AES encryption keys in client-side JavaScript. An …
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the `hmacBase64()` function in the …
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, ShareSecretManage uses a hardcoded default share link …
The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to …