Primary

Context

WordPress Tripetto Plugin Sensitive Information Exposure Vulnerability

Vulnerability

Patched

A vulnerability allowing sensitive information exposure has been identified in the Tripetto WordPress plugin, specifically in versions through 8.0.8. The issue arises in the 'attachments.php' file, where unauthenticated attackers can access sensitive data, including files uploaded through forms.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information, such as files uploaded via forms, potentially including personal or confidential data.

Reproduction

The vulnerability can be reproduced by sending a request to the 'attachments.php' file with a reference to an uploaded file. This can be done without authentication, allowing any user to access the sensitive information.

Remediation

Users are advised to update the Tripetto WordPress plugin to version 8.0.9 or later, where this vulnerability has been patched.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

2.5

exploitability

9.3

remediation

7.7

relevance

0.0

threat

4.8

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

2.5

exploitability

9.3

remediation

7.7

relevance

0.0

threat

4.8

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WordPress Tripetto Plugin Sensitive Information Exposure Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Tripetto

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating