CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-0212: Cloudflare WordPress plugin enables information disclosure of Cloudflare API (for low privileged users)

8.1 CVSS

Description

The Cloudflare Wordpress plugin was found to be vulnerable to improper authentication. The vulnerability enables attackers with a lower privileged account to access data from the Cloudflare API.

Classification

CVE ID: CVE-2024-0212

CVSS Base Severity: HIGH

CVSS Base Score: 8.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Problem Types

CWE-284 Improper Access Control

Affected Products

Vendor: Cloudflare

Product: Cloudflare-WordPress

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.58% (probability of being exploited)

EPSS Percentile: 67.84% (scored less or equal to compared to others)

EPSS Date: 2025-06-27 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: total

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-0212
https://github.com/cloudflare/Cloudflare-WordPress/security/advisories/GHSA-h2fj-7r3m-7gf2
https://github.com/cloudflare/Cloudflare-WordPress/releases/tag/v4.12.3

Timeline

2025-06-06 18:40:09 UTC
CVE

Cloudflare WordPress plugin enables information disclosure of Cloudflare API (for low privileged users)