CVE-2020-13764

Name of the Vulnerable Software and Affected Versions Gravity Forms plugin versions prior to 2.4.9

Description The issue concerns the Gravity Forms plugin for WordPress, where a problem in the common.php file can lead to the leakage of hashed passwords. This occurs because user pass is not treated as a special case when the $current user->get($property) function is called, potentially exposing sensitive user information.

Recommendations For versions prior to 2.4.9, update to version 2.4.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the common.php file or limiting the use of the $current user->get($property) function to minimize the risk of exploitation.