CVE-2024-0908 Information
May 04, 2024
Description
The Advanced Post Block – Display Posts Pages or Custom Posts on Your Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the apbPosts() function hooked via an AJAX action in all versions up to and including 1.13.1. This makes it possible for unauthenticated attackers to retrieve all post data including those that may be password protected.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Reference
https://www.wordfence.com/threat-intel/vulnerabilities/id/8fb6c221-d885-42b5-977c-39e8608e3e31?source=cve
https://plugins.trac.wordpress.org/browser/advanced-post-block/trunk/plugin.php#L173
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
Base Score
5.3
Base Severity
MEDIUM