Report
The Zippy plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.6.1 via the adminInit function. This can allow authenticated attackers with access to the post editor, such as contributors, to create an export that will contain sensitive author information, such as usernames and password hashes.
Score:6.5
Severity:Medium
Version: 1.6.1
There is a patch available in v1.6.2 and we strongly recommend you update to this version as soon as possible.
