The Content No Cache: prevent specific content from being cached plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.1.2 via the eos_dyn_get_content action due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.
History

Tue, 24 Dec 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 24 Dec 2024 09:30:00 +0000

Type Values Removed Values Added
Description The Content No Cache: prevent specific content from being cached plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.1.2 via the eos_dyn_get_content action due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.
Title Content No Cache: prevent specific content from being cached <= 0.1.2 - Unauthenticated Private Content Disclosure
Weaknesses CWE-639
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-12-24T09:21:50.231Z

Updated: 2024-12-24T15:22:02.158Z

Reserved: 2024-12-03T15:16:42.216Z

Link: CVE-2024-12103

cve-icon Vulnrichment

Updated: 2024-12-24T15:21:57.514Z

cve-icon NVD

Status : Received

Published: 2024-12-24T10:15:05.820

Modified: 2024-12-24T10:15:05.820

Link: CVE-2024-12103

cve-icon Redhat

No data.