common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| wp-premium/gravityforms(Packagist) | 0 | 2.4.9 | N/A |
CVSS Metrics
