2 matches found
CVE-2023-6731
CVE-2023-6731 affects the WP Show Posts plugin for WordPress. The issue is a missing capability check on multiple AJAX functions, present in all versions up to and including 1.1.5. This enables authenticated attackers with subscriber+ privileges to access data they should not be able to view, spe...
CVE-2024-1479
CVE-2024-1479 affects the WordPress plugin WP Show Posts (up to and including version 1.1.4). The vulnerability arises in the wpsp_display function and could allow authenticated attackers with Contributor+ privileges to view content of drafts, trash, future, private, and pending posts/pages. The ...