5 matches found
CVE-2023-1911
The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example...
CVE-2023-1911 Blocksy Companion < 1.8.82 - Subscriber+ Draft Post Access
The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example...
CVE-2023-1911 Blocksy Companion < 1.8.82 - Subscriber+ Draft Post Access
The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example...
CVE-2023-1911
Blocksy Companion (WordPress plugin by Creative Themes) before 1.8.82 contains an authorization flaw: posts accessible via a shortcode are not confirmed public, allowing any authenticated user (e.g., subscribers) to view draft content. This exposes draft posts to users who should not have access....
WordPress Blocksy Companion Plugin < 1.8.82 is vulnerable to Sensitive Data Exposure
Software Blocksy Companion Type Plugin Vulnerable versions 1.8.82 Fixed in 1.8.82 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-1911 Patch priority Medium CVSS severity Medium 4.3 Developer Creative Themes PSID a9848e95cc61 Credits Erwan LR WPScan...