The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded credentials. This makes it possible for unauthenticated attackers to extract sensitive data including LinkedIn client and secret keys.
The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Civi | Uxper | * | 2.1.4 (including) |