CVE-2024-1678

The Subway – Private Site Option plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's private site feature and view restricted page and post...

CVE-2024-1678

The connected sources confirm CVE-2024-1678 affects the Subway – Private Site Option WordPress plugin and enables Sensitive Information Exposure via the REST API in all versions up to 2.1.4. The vulnerability allows unauthenticated attackers to bypass the plugin’s private-site feature and access ...

CVE-2024-1678 Subway – Private Site Option <= 2.1.4 - Improper Access Control to Sensitive Information Exposure via REST API

The Subway – Private Site Option plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's private site feature and view restricted page and post...

WordPress plugin Subway 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-18214 · WordPress · The Subway – Private Site Option

Name of the Vulnerable Software and Affected Versions: The Subway – Private Site Option plugin for WordPress versions up to, and including, 2.1.4 Description: The issue allows unauthenticated attackers to bypass the plugin's private site feature and view restricted page and post content via the...