PT-2024-3318 · WordPress · Wp Encryption

Krzysztof Zając · Published 2024-04-09 · Updated 2024-04-10 · CVE-2023-7046

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

WP Encryption plugin for WordPress versions up to, and including, 7.0

Description

The issue is related to insufficient protection of internal data, which a remote attacker can exploit to disclose protected information. Specifically, the vulnerability allows unauthenticated attackers to extract sensitive data, including TLS certificate private keys, because the private key files are exposed.

Recommendations

For the WP Encryption plugin for WordPress versions up to, and including, 7.0, update to a version later than 7.0 to resolve the issue. As a temporary workaround, consider restricting access to the private key files to minimize the risk of exploitation.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2024-03558
CVE-2023-7046

Affected Products

Wp Encryption