4 matches found
CVE-2024-0682
The Page Restrict plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 2.5.5. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated attackers t...
CVE-2024-0682
The Page Restrict plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 2.5.5. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated attackers t...
CVE-2024-0682
CVE-2024-0682 affects the Page Restrict plugin for WordPress. It allows information disclosure by unauthenticated actors due to inadequate REST API access restrictions for private posts in all versions up to 2.5.5. Base CVSS 3.1 is 5.3 (Medium), Confidentiality impact: Low. No public remediation ...
WordPress Page Restrict Plugin <= 2.5.5 is vulnerable to Bypass Vulnerability
Software Page Restrict Type Plugin Vulnerable versions = 2.5.5 Fixed in N/A OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2024-0682 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID e5dc30bc662f Credits Francesco Carlucci Required privilege...