Unrated severityNVD Advisory· Published May 8, 2024· Updated Mar 25, 2025

SSL Zen <= 4.5.3 - Unauthenticated Private Keys Access

CVE-2024-1076

Description

The SSL Zen WordPress plugin before 4.6.0 does not properly prevent directory listing of the private keys folder, as it only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who doesn't support .htaccess files, like NGINX.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

WordPress/SSL Zen plugindescription
SSL Zen/SSL Zenllm-create
Range: <4.6.0
WordPress/SSL Zenwp-canonicalize

Patches

Vulnerability mechanics

References

wpscan.com/vulnerability/9c3e9c72-3d6c-4e2c-bb8a-f4efce1371d5/mitreexploitvdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000