Описание
The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected posts.
Ссылки
- Product
- Third Party Advisory
- Product
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.6.1 (исключая)
cpe:2.3:a:wpexpertdeveloper:wp_private_content_plus:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 68%
0.00581
Низкий
5.3 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 5.3
github
почти 2 года назад
The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected posts.
EPSS
Процентиль: 68%
0.00581
Низкий
5.3 Medium
CVSS3
Дефекты
NVD-CWE-noinfo