The Anonymous Restricted Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to logged-in users.
History

Thu, 21 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Cayenne
Cayenne anonymous Restricted Content
Weaknesses CWE-276
CPEs cpe:2.3:a:cayenne:anonymous_restricted_content:*:*:*:*:*:*:*:*
Vendors & Products Cayenne
Cayenne anonymous Restricted Content
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 21 Nov 2024 14:15:00 +0000

Type Values Removed Values Added
Description The Anonymous Restricted Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to logged-in users.
Title Anonymous Restricted Content <= 1.6.5 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-11-21T13:55:32.191Z

Updated: 2024-11-21T14:23:02.953Z

Reserved: 2024-11-11T19:37:25.941Z

Link: CVE-2024-11089

cve-icon Vulnrichment

Updated: 2024-11-21T14:22:39.200Z

cve-icon NVD

Status : Received

Published: 2024-11-21T14:15:08.530

Modified: 2024-11-21T15:15:21.500

Link: CVE-2024-11089

cve-icon Redhat

No data.