Vigil@nce - WordPress Acumbamail: information disclosure
May 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can capture data of WordPress Acumbamail, in order to
obtain sensitive information.
Impacted products: WordPress Plugins
Severity: 1/4
Creation date: 06/05/2014
DESCRIPTION OF THE VULNERABILITY
The Acumbamail plugin can be installed on WordPress.
However, to communicate with the API, it uses HTTP instead of
HTTPS (HTTP+SSL).
An attacker can therefore capture data of WordPress Acumbamail, in
order to obtain sensitive information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/WordPress-Acumbamail-information-disclosure-14705