The Get Post Content Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.4 via the 'post-content' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the content of password-protected, private, draft, and pending posts.
Metrics
Affected Vendors & Products
References
History
Mon, 16 Dec 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Sat, 14 Dec 2024 04:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Get Post Content Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.4 via the 'post-content' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the content of password-protected, private, draft, and pending posts. | |
Title | Get Post Content Shortcode <= 0.4 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via post_content Shortcode | |
Weaknesses | CWE-639 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-12-14T04:23:45.742Z
Updated: 2024-12-16T20:06:13.913Z
Reserved: 2024-12-10T19:11:51.611Z
Link: CVE-2024-12447
Vulnrichment
Updated: 2024-12-16T19:39:28.582Z
NVD
Status : Received
Published: 2024-12-14T05:15:10.670
Modified: 2024-12-14T05:15:10.670
Link: CVE-2024-12447
Redhat
No data.