Skip to main content

Gravityforms

1 CVEs product

Monthly

CVE-2020-13764 PHP HIGH PATCH This Week

common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP WordPress Information Disclosure Gravityforms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
EPSS 2% CVSS 7.5
HIGH PATCH This Week

common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP WordPress Information Disclosure +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy