3 matches found
CVE-2024-0680
The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated...
CVE-2024-0680
CVE-2024-0680 affects the WP Private Content Plus plugin for WordPress (versions up to and including 3.6). The root cause is improper access restriction of posts via the REST API when a page is private, allowing unauthenticated attackers to view protected posts. The vulnerability is documented ac...
WordPress WP Private Content Plus Plugin <= 3.6 is vulnerable to Bypass Vulnerability
Software WP Private Content Plus Type Plugin Vulnerable versions = 3.6 Fixed in 3.6.1 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2024-0680 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 0b6db52774fe Credits Francesco Carlucci Required...