Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SSL Zen <= 4.5.3 - Unauthenticated Private Keys Access
Vulnerability Description
The SSL Zen WordPress plugin before 4.6.0 does not properly prevent directory listing of the private keys folder, as it only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who doesn't support .htaccess files, like NGINX.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WordPress plugin SSL Zen 安全漏洞
Vulnerability Description
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin SSL Zen 4.6.0 版本之前存在安全漏洞,该漏洞源于仅依靠使用 .htaccess 来阻止访问者访问站点生成的私钥,如果站点运行在不支持 .htaccess 文件的服务器(例如 NGINX)上,攻击者就可以读取私钥。
CVSS Information
N/A
Vulnerability Type
N/A