The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the 'get_legacy_cookies' function. This makes it possible for unauthenticated attackers to extract sensitive data including titles and permalinks of private, password-protected, pending, and draft posts.
Metrics
Affected Vendors & Products
References
History
Wed, 11 Dec 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 11 Dec 2024 11:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the 'get_legacy_cookies' function. This makes it possible for unauthenticated attackers to extract sensitive data including titles and permalinks of private, password-protected, pending, and draft posts. | |
Title | Last Viewed Posts by WPBeginner <= 1.0.1 - Unauthenticated Sensitive Information Exposure | |
Weaknesses | CWE-284 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-12-11T10:57:30.270Z
Updated: 2024-12-11T14:53:19.903Z
Reserved: 2024-12-06T00:00:35.587Z
Link: CVE-2024-12294
Vulnrichment
Updated: 2024-12-11T14:53:14.252Z
NVD
Status : Received
Published: 2024-12-11T11:15:06.623
Modified: 2024-12-11T11:15:06.623
Link: CVE-2024-12294
Redhat
No data.