The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.29 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users.
Metrics
Affected Vendors & Products
References
History
Wed, 18 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 18 Dec 2024 07:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.29 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users. | |
Title | Simple Page Access Restriction <= 1.0.29 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | |
Weaknesses | CWE-200 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-12-18T07:02:46.168Z
Updated: 2024-12-18T16:33:27.786Z
Reserved: 2024-11-15T23:54:25.258Z
Link: CVE-2024-11295
Vulnrichment
Updated: 2024-12-18T16:26:35.797Z
NVD
Status : Received
Published: 2024-12-18T07:15:06.737
Modified: 2024-12-18T07:15:06.737
Link: CVE-2024-11295
Redhat
No data.