CVE-2024-0680 in WP Private Content Plus Plugininfo

Zusammenfassung

von MITRE • 28.02.2024

The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected posts.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Zuständig

Wordfence

Reservieren

18.01.2024

Veröffentlichung

28.02.2024

Moderieren

akzeptiert

Eintrag

VDB-255095

CPE

bereit

EPSS

0.00603

KEV

nein

Aktivitäten

very low

Quellen

Want to stay up to date on a daily basis?

Enable the mail alert feature now!