{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T05:45:07.731","vulnerabilities":[{"cve":{"id":"CVE-2024-12535","sourceIdentifier":"security@wordfence.com","published":"2025-01-07T06:15:17.220","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to read configuration settings and predefined variables on the site's server. The plugin does not need to be activated for the vulnerability to be exploited."},{"lang":"es","value":"El complemento Host PHP Info para WordPress es vulnerable al acceso no autorizado a los datos debido a una comprobación de capacidad que falta al incluir la función 'phpinfo' en todas las versiones hasta la 1.0.4 incluida. Esto permite que atacantes no autenticados lean los ajustes de configuración y las variables predefinidas en el servidor del sitio. No es necesario activar el complemento para que se aproveche la vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/host-php-info/trunk/info.php#L2","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/88d27385-9b92-419c-9e03-687d7192bbb5?source=cve","source":"security@wordfence.com"}]}}]}