3 matches found
CVE-2024-1678
The Subway – Private Site Option plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's private site feature and view restricted page and post...
CVE-2024-1678
The connected sources confirm CVE-2024-1678 affects the Subway – Private Site Option WordPress plugin and enables Sensitive Information Exposure via the REST API in all versions up to 2.1.4. The vulnerability allows unauthenticated attackers to bypass the plugin’s private-site feature and access ...
WordPress Subway – Private Site Option Plugin <= 2.1.4 is vulnerable to Sensitive Data Exposure
Software Subway – Private Site Option Type Plugin Vulnerable versions = 2.1.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-1678 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 2690fc946af0 Credits Francesco Carlucc...