Security Advisory

CVE-2024-1076

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-05-08 06:00:02

Last updated 2025-03-25 19:06:42

Assigner WPScan

State PUBLISHED

Description

The SSL Zen WordPress plugin before 4.6.0 does not properly prevent directory listing of the private keys folder, as it only relies on the use of .htaccess to prevent visitors from accessing the sites generated private keys, which allows an attacker to read them if the site runs on a server who doesnt support .htaccess files, like NGINX.

← Browse all CVEs View on cve.org ↗