3 matches found
WordPress Subway – Private Site Option plugin <= 2.1.4 - Improper Access Control to Sensitive Information Exposure via REST API vulnerability
Improper Access Control to Sensitive Information Exposure via REST API vulnerability discovered by Francesco Carlucci in WordPress Plugin Subway – Private Site Option versions = 2.1.4...
WordPress Subway – Private Site Option Plugin <= 2.1.4 is vulnerable to Sensitive Data Exposure
Software Subway – Private Site Option Type Plugin Vulnerable versions = 2.1.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-1678 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 2690fc946af0 Credits Francesco Carlucc...
Subway – Private Site Option <= 2.1.4 - Improper Access Control to Sensitive Information Exposure via REST API
Description The Subway – Private Site Option plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's private site feature and view restricted page...