The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.29 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users.
History

Wed, 18 Dec 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 18 Dec 2024 07:15:00 +0000

Type Values Removed Values Added
Description The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.29 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users.
Title Simple Page Access Restriction <= 1.0.29 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-12-18T07:02:46.168Z

Updated: 2024-12-18T16:33:27.786Z

Reserved: 2024-11-15T23:54:25.258Z

Link: CVE-2024-11295

cve-icon Vulnrichment

Updated: 2024-12-18T16:26:35.797Z

cve-icon NVD

Status : Received

Published: 2024-12-18T07:15:06.737

Modified: 2024-12-18T07:15:06.737

Link: CVE-2024-11295

cve-icon Redhat

No data.