CVE-2024-1479 Information

Mar 14, 2024 cve

Description

The WP Show Posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 1.1.4 via the wpsp_display function. This makes it possible for authenticated attackers with contributor access and above to view the contents of draft trash future private and pending posts and pages.

Reference

https://www.wordfence.com/threat-intel/vulnerabilities/id/6788e2ee-ce61-494b-8d7f-6d1144466e58?source=cve https://plugins.trac.wordpress.org/browser/wp-show-posts/trunk/wp-show-posts.php#L224 https://plugins.trac.wordpress.org/browser/wp-show-posts/trunk/wp-show-posts.php#L591 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041416%40wp-show-posts%2Ftrunk&old=2846296%40wp-show-posts%2Ftrunk&sfp_email=&sfph_mail=

Share on: