CVE-2024-1479

Sažetak

The WP Show Posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the wpsp_display function. This makes it possible for authenticated attackers with contributor access and above to view the contents of draft, trash, future, private and pending posts and pages.

Reference

https://plugins.trac.wordpress.org/browser/wp-show-posts/trunk/wp-show-posts.php#L224
https://plugins.trac.wordpress.org/browser/wp-show-posts/trunk/wp-show-posts.php#L591
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041416%40wp-show-posts%2Ftrunk&old=2846296%40wp-show-posts%2Ftrunk&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/6788e2ee-ce61-494b-8d7f-6d1144466e58?source=cve
https://plugins.trac.wordpress.org/browser/wp-show-posts/trunk/wp-show-posts.php#L224
https://plugins.trac.wordpress.org/browser/wp-show-posts/trunk/wp-show-posts.php#L591
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041416%40wp-show-posts%2Ftrunk&old=2846296%40wp-show-posts%2Ftrunk&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/6788e2ee-ce61-494b-8d7f-6d1144466e58?source=cve

CVSS

Base:	5.3
Impact:	1.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Zadnje važnije ažuriranje

06-03-2025 - 14:24

Objavljeno

13-03-2024 - 16:15