PT-2024-16523 · WordPress+1 · Ssl Zen Wordpress Plugin+1

Krzysztof Zając · Published 2024-05-08 · Updated 2025-06-17 · CVE-2024-1076

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SSL Zen WordPress plugin versions prior to 4.6.0

Description

The issue arises because the SSL Zen WordPress plugin relies solely on .htaccess to prevent access to the site's generated private keys. This poses a problem for servers that do not support .htaccess files, such as NGINX, allowing an attacker to read the private keys.

Recommendations

For versions prior to 4.6.0, update to version 4.6.0 or later to resolve the issue. As a temporary workaround, consider configuring the server to restrict access to the private keys folder, or manually implementing an alternative method to prevent directory listing, until the update can be applied.
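To find which folders the workaround has to cover, a site owner can scan their own document root for PEM private keys and note which ones sit behind an .htaccess file, which NGINX does not read. This is an added example, not code from the advisory or the plugin; the `keys/` folder and `site.key` file in the demo are hypothetical names and the sample tree is constructed.

```python
import os
import re
import tempfile

# PEM headers for PKCS#8, PKCS#1 (RSA), SEC1 (EC) and encrypted private keys.
PEM_KEY = re.compile(rb"-----BEGIN (?:RSA |EC |ENCRYPTED )?PRIVATE KEY-----")

def _has_htaccess(directory, docroot):
    """Look for an .htaccess file from directory up to docroot (inclusive)."""
    current = directory
    while True:
        if os.path.isfile(os.path.join(current, ".htaccess")):
            return True
        parent = os.path.dirname(current)
        if current == docroot or parent == current:
            return False
        current = parent

def find_key_files(docroot):
    """Return sorted (relative_path, has_htaccess) for private keys under docroot.

    has_htaccess=True means an .htaccess covers the file; that restricts
    access on Apache but has no effect on NGINX.
    """
    docroot = os.path.abspath(docroot)
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(4096)  # the PEM header is at the start
            except OSError:
                continue  # unreadable file: skip it
            if PEM_KEY.search(head):
                rel = os.path.relpath(path, docroot)
                findings.append((rel, _has_htaccess(dirpath, docroot)))
    return sorted(findings)

def demo():
    """Build a constructed document root and scan it."""
    with tempfile.TemporaryDirectory() as root:
        keys = os.path.join(root, "keys")  # hypothetical folder name
        os.makedirs(keys)
        with open(os.path.join(keys, ".htaccess"), "w") as fh:
            fh.write("Deny from all\n")
        with open(os.path.join(keys, "site.key"), "wb") as fh:
            fh.write(b"-----BEGIN PRIVATE KEY-----\n(constructed placeholder)\n")
        return find_key_files(root)
```

Every path the scan reports on an NGINX host needs a server-level access restriction or should be moved outside the document root, whether or not an .htaccess file is present.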

Exploit

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2024-1076

Affected Products

Nginx
Ssl Zen Wordpress Plugin