Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistWPScanCVELIST:CVE-2023-4036
HistoryAug 30, 2023 - 2:22 p.m.

CVE-2023-4036 Simple Blog Card < 1.32 - Subscriber+ Arbitrary Post Access

2023-08-3014:22:01
WPScan
www.cve.org
wordpress
plugin
access control

5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

JSON

The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary post title and their content such as draft, private and password protected ones

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Simple Blog Card",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.32"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Related

cve 1
nvd 1
wpexploit 1
prion 1
wpvulndb 1
cve
cve
CVE-2023-4036
2023-08-30 15:15:09
nvd
nvd
CVE-2023-4036
2023-08-30 15:15:09
wpexploit
wpexploit
Simple Blog Card < 1.32 - Subscriber+ Arbitrary Post Access
2023-08-07 00:00:00
prion
prion
Buffer overflow
2023-08-30 15:15:00
wpvulndb
wpvulndb
Simple Blog Card < 1.32 - Subscriber+ Arbitrary Post Access
2023-08-07 00:00:00

5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

JSON
Related for CVELIST:CVE-2023-4036
cve1nvd1wpexploit1prion1wpvulndb1