The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 9.9.9.3 via the 'wp_reusable_render' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.
Metrics
Affected Vendors & Products
References
History
Thu, 12 Dec 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 12 Dec 2024 07:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 9.9.9.3 via the 'wp_reusable_render' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to. | |
Title | Greenshift – animation and page builder blocks <= 9.9.9.3 - Authenticated (Contributor+) Post Disclosure | |
Weaknesses | CWE-639 | |
References |
|
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-12-12T06:46:32.559Z
Updated: 2024-12-12T14:40:45.586Z
Reserved: 2024-11-13T15:16:43.061Z
Link: CVE-2024-11181
Vulnrichment
Updated: 2024-12-12T14:40:40.930Z
NVD
Status : Received
Published: 2024-12-12T07:15:08.057
Modified: 2024-12-12T07:15:08.057
Link: CVE-2024-11181
Redhat
No data.