Vulnerability Description
simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack trace.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Simple Gmail Login | 1.1.2 | All versions |
| Simple Gmail Login | 1.1.3 | All versions |
| Wordpress | Wordpress | - |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2012-12/0061.html
- http://wordpress.org/extend/plugins/simple-gmail-login/changelog/
- http://archives.neohapsis.com/archives/bugtraq/2012-12/0061.html
- http://wordpress.org/extend/plugins/simple-gmail-login/changelog/
FAQ
What is CVE-2012-6313?
CVE-2012-6313 is a vulnerability with a CVSS score of 5.0 (MEDIUM). simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of...
How severe is CVE-2012-6313?
CVE-2012-6313 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-6313?
Check the references section above for vendor advisories and patch information. Affected products include: Simple Gmail Login 1.1.2, Simple Gmail Login 1.1.3, Wordpress Wordpress.