The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.1 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
Metrics
Affected Vendors & Products
References
History
Fri, 06 Dec 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Wordpress
Wordpress wp Private Content Plus Plugin |
|
CPEs | cpe:2.3:a:wordpress:wp_private_content_plus_plugin:*:*:*:*:*:*:*:* | |
Vendors & Products |
Wordpress
Wordpress wp Private Content Plus Plugin |
|
Metrics |
ssvc
|
Fri, 06 Dec 2024 08:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.1 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | |
Title | WP Private Content Plus <= 3.6.1 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | |
Weaknesses | CWE-200 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-12-06T08:24:50.717Z
Updated: 2024-12-06T18:22:00.551Z
Reserved: 2024-11-15T22:26:36.486Z
Link: CVE-2024-11292
Vulnrichment
Updated: 2024-12-06T18:21:55.393Z
NVD
Status : Received
Published: 2024-12-06T09:15:05.993
Modified: 2024-12-06T09:15:05.993
Link: CVE-2024-11292
Redhat
No data.