Lucene search
+L

5 matches found

redhatcve
redhatcve
added 2025/05/23 9:59 a.m.9 views

CVE-2024-1370

The Maintenance Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the subscribedownload function hooked via AJAX action in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with subscriber access...

5.3CVSS6.5AI score0.00445EPSS
Exploits0References1
cve
cve
added 2024/03/13 3:26 p.m.44 views

CVE-2024-1370

CVE-2024-1370 affects the WordPress Maintenance Page plugin. A missing capability check in the subscribe_download AJAX handler in all versions up to 1.0.8 allows authenticated users with subscriber access or higher to download a CSV with subscriber emails. Affected versions: ≤1.0.8; impact is inf...

5.3CVSS5.9AI score0.00445EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2024/03/13 3:26 p.m.13 views

CVE-2024-1370 Maintenance Page <= 1.0.8 - Missing Authorization to Sensitive Information Exposure

The Maintenance Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the subscribedownload function hooked via AJAX action in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with subscriber access...

5.3CVSS6.7AI score0.00445EPSS
Exploits0References2
cvelist
cvelist
added 2024/03/13 3:26 p.m.34 views

CVE-2024-1370 Maintenance Page <= 1.0.8 - Missing Authorization to Sensitive Information Exposure

The Maintenance Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the subscribedownload function hooked via AJAX action in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with subscriber access...

5.3CVSS5.2AI score0.00445EPSS
Exploits0References2
patchstack
patchstack
added 2024/02/23 12:0 a.m.11 views

WordPress Maintenance Page Plugin <= 1.0.8 is vulnerable to Broken Access Control

Software Maintenance Page Type Plugin Vulnerable versions = 1.0.8 Fixed in 1.0.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1370 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d5a894ccce46 Credits Francesco Carlucci Required...

5.3CVSS6.5AI score0.00445EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder