Medium severity6.5NVD Advisory· Published Apr 9, 2024· Updated Apr 8, 2026

CVE-2024-2093

Description

The VK All in One Expansion Unit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.95.0.1 via social meta tags. This makes it possible for unauthenticated attackers to view limited password protected content.

Affected products

Vektor Inc/Vk All In One Expansion Unit
cpe:2.3:a:vektor-inc:vk_all_in_one_expansion_unit:*:*:*:*:*:wordpress:*:*
Range: <9.96.0.0

Patches

2552bc2093e4

https://github.com/vektor-inc/vk-all-in-one-expansion-unitvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

plugins.trac.wordpress.org/changesetnvdPatch
github.com/vektor-inc/vk-all-in-one-expansion-unit/pull/1072nvdIssue TrackingVendor Advisory
www.wordfence.com/threat-intel/vulnerabilities/id/ea2b5dca-42a5-49d4-800d-b268572968a9nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000