exploitDog

CVE-2024-0906

Опубликовано: 12 мар. 2024

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

The f(x) Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the API. This makes it possible for unauthenticated attackers to obtain page and post contents of a site protected with this plugin.

Ссылки

https://wordpress.org/plugins/fx-private-site/
Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/79c3abc6-68fa-4c51-88fa-03ab7d26cc4c?source=cve
Third Party Advisory
https://wordpress.org/plugins/fx-private-site/
Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/79c3abc6-68fa-4c51-88fa-03ab7d26cc4c?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:shellcreeper:f\(x\)_private_site:*:*:*:*:*:wordpress:*:*

Версия до 1.2.1 (включая)

EPSS

Процентиль: 60%

0.00392

Низкий

5.3 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-rcvv-8j2x-3qwv

CVSS3: 5.3

github

почти 2 года назад

The f(x) Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the API. This makes it possible for unauthenticated attackers to obtain page and post contents of a site protected with this plugin.

EPSS

Процентиль: 60%

0.00392

Низкий

5.3 Medium

CVSS3

Дефекты

NVD-CWE-noinfo