CVE-2024-43237: 
WordPress vulnerability analysis and mitigation

The TaxoPress WordPress Tag Cloud Plugin (Tag Groups) contains a Sensitive Data Exposure vulnerability (CVE-2024-43237) affecting versions through 2.0.3. The vulnerability was discovered by researcher Peng Zhou and was disclosed on September 12, 2024 (Patchstack Database).

The vulnerability is classified as an Exposure of Sensitive Information to an Unauthorized Actor (CWE-200). It has been assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The vulnerability can be exploited without authentication, indicating that no special privileges are required to exploit it (Patchstack Database).

This vulnerability could allow malicious actors to view sensitive information that is normally not available to regular users. This exposed information could potentially be used to exploit other weaknesses in the system (Patchstack Database).

The vulnerability has been fixed in version 2.0.4 of the plugin. Users are advised to update to version 2.0.4 or later to remove the vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users update to the fixed version (Patchstack Database).